QANTAS Cyber Incident



No real surprises here...

Completely different to the article I just read.

QF are working on a system and will be contacting everybody again next week to advise which specific data fields were breached, as they will be different for everybody.

They have not been asked for ransom yet.

 
Household of 4.
- 16 year old and I got the second email
- 12 year old and partner didn't.
None of us have ever used a call centre.
 
Household of 4.
- 16 year old and I got the second email
- 12 year old and partner didn't.
None of us have ever used a call centre.
Virtually identical here. Kids' accounts were set up at the same time. Son breached, daughter not. I got an email, wife didn't
 


No real surprises here...

They may well still be in the “we don’t know what we don’t know” stage.

I wouldn’t be surprised if they drip feed announcements of further breaches in coming days, such as additional data fields that were stolen, beyond those already announced, or more customers affected than originally thought.
 

Article strongly reinforces the point that several of us made earlier:

He told news.com.au the ‘date-of-birth’ being leaked was of greatest concern.

“The kind of information that has been stolen, you use it everywhere … they define you. I can change my credit card number, it’s annoying and it’s a hassle, but I can ring up my bank and it’s done.

“But my name and my date of birth, these are things that are a little bit more permanent and in many ways these are just as frustrating to have leaked because those are things you actually can’t change. I can’t change my name very easily and I certainly can’t change my date of birth.”

‘Worried about is impersonation’

Dr Pearce said that a hacker obtaining your full name, date-of-birth, email or phone number are three pieces of personal data that may pave the way for a future “downstream attack”, and that as a cybersecurity expert, his biggest fear for impacted customers is impersonation.

“The biggest thing that we’re worried about is impersonation … where they [hackers] can pretend to be you with other businesses that you might be registered with.”
 


No real surprises here...
No media interviews are going to provide any more answers than are already provided.
Such a beat up.

Qantas communication on this has been good: clear, concise, timely. As an impacted customer, I know all I need to know. As an indirect minor shareholder, I'm happy with the response and actions indicate swift detection of the issue and plans in place to deal with the situation and potential impacts.

Nobody needs to know minute details of how, who, etc. Just that lessons are learned, and any strengthening of protocols and procedures are made.
 
Article strongly reinforces the point that several of us made earlier:

He told news.com.au the ‘date-of-birth’ being leaked was of greatest concern.

“The kind of information that has been stolen, you use it everywhere … they define you. I can change my credit card number, it’s annoying and it’s a hassle, but I can ring up my bank and it’s done.

“But my name and my date of birth, these are things that are a little bit more permanent and in many ways these are just as frustrating to have leaked because those are things you actually can’t change. I can’t change my name very easily and I certainly can’t change my date of birth.”

‘Worried about is impersonation’

Dr Pearce said that a hacker obtaining your full name, date-of-birth, email or phone number are three pieces of personal data that may pave the way for a future “downstream attack”, and that as a cybersecurity expert, his biggest fear for impacted customers is impersonation.

“The biggest thing that we’re worried about is impersonation … where they [hackers] can pretend to be you with other businesses that you might be registered with.”

Actually I think one saving grace is QF doesn’t have most people’s middle name, they usually only store the middle initial.

But the counter point to this is QF is not the first breach. All the spam calls I’m getting who know my name indicate my details have already been leaked many times.
 
Actually I think one saving grace is QF doesn’t have most people’s middle name, they usually only store the middle initial.
I recently updated my profile because I was getting annoying messages that my profile was incorrect. Checked phone numbers, address and only when I contacted them about middle name did the error go away. Well, until it then came back…😡

But just the initial was an issue when filling out APIS. As soon as you try and put in your full middle name (as per your PP), it would scrub all other fields…

Anyway, guess I’ll wait and see what additional info is out there post Optus, Medibank and God knows what others…
 
Anyway, guess I’ll wait and see what additional info is out there post Optus, Medibank and God knows what others…

I’m 100% sure there were at least some dodgy businesses selling their Covid contact tracing logs
 
Article strongly reinforces the point that several of us made earlier:

He told news.com.au the ‘date-of-birth’ being leaked was of greatest concern.

“The kind of information that has been stolen, you use it everywhere … they define you. I can change my credit card number, it’s annoying and it’s a hassle, but I can ring up my bank and it’s done.

“But my name and my date of birth, these are things that are a little bit more permanent and in many ways these are just as frustrating to have leaked because those are things you actually can’t change. I can’t change my name very easily and I certainly can’t change my date of birth.”

‘Worried about is impersonation’

Dr Pearce said that a hacker obtaining your full name, date-of-birth, email or phone number are three pieces of personal data that may pave the way for a future “downstream attack”, and that as a cybersecurity expert, his biggest fear for impacted customers is impersonation.

“The biggest thing that we’re worried about is impersonation … where they [hackers] can pretend to be you with other businesses that you might be registered with.”
And given this whole thing started with just a simple fake phone call to a telephone operator then 🤷‍♀️

Still no communication from Qantas at all to our accounts. And the Qantas email address isn't whitelisted. Edit. It's on the safe list.

I recently updated my profile because I was getting annoying messages that my profile was incorrect. Checked phone numbers, address and only when I contacted them about middle name did the error go away. Well, until it then came back…😡

But just the initial was an issue when filling out APIS. As soon as you try and put in your full middle name (as per your PP), it would scrub all other fields…

Anyway, guess I’ll wait and see what additional info is out there post Optus, Medibank and God knows what others…
Same here. Called them and still cannot get rid of that message. There's nothing missing.
 
Still no communication from Qantas at all to our accounts. And the Qantas email address isn't whitelisted.
That might be your problem, domains/addresses on the whitelist are considered safe and delivered, domains on the blacklist are not; those on neither may or may not end up in SPAM.
 
That might be your problem, domains/addresses on the whitelist are considered safe and delivered, domains on the blacklist are not; those on neither may or may not end up in SPAM.
Ok. It's the opposite then. It's safe. Otherwise we'd never get any emails for tickets etc. Which of course we do.
 
I’m 100% sure there were at least some dodgy businesses selling their Covid contact tracing logs
However given during Covid pretty much the only place you could go was the supermarket not sure that is going to be very valuable given the duopoly in most places.

Pretty sure the banks are already selling the data every time you use a card to pay for a coffee or takeaway.
 
However given during Covid pretty much the only place you could go was the supermarket not sure that is going to be very valuable given the duopoly in most places.

Pretty sure the banks are already selling the data every time you use a card to pay for a coffee or takeaway.

Not in my state; pubs, cafes, restaurants, I think even cinemas. Don’t think you needed it for Woolies.

Plenty of small independent operators who may have needed an extra few dollars.
 
My routine during Covid was different, certainly doesn't match my routine now. No one can steal my identity knowing I bought a coffee at xyz cafe in 2020 or went to the hairdressers.

And the check-in app was run by the government, businesses registered for a QR code and you scanned it and sent your contact details with venue code, I don't think the government was selling that data. If they did then there was no DOB, just a name and contact number and email; the email I used was one of the ones I use for online forums etc, not one I use for important stuff.
 
I believe this incident has only added one data point to the information already “out there” - QFF member number
Even more reason to just roll all affected members onto new ones then?

But the counter point to this is QF is not the first breach. All the spam calls I’m getting who know my name indicate my details have already been leaked many times.
Weirdly in my case the only thing that changed after those breaches was that I finally started getting spam in my inbox, though even those were never addressed to my real name or details until yesterday. Have not heard anything about fake IDs or credit accounts being set up yet.
 