QANTAS Cyber Incident

Just got notification about what of mine was leaked. Name, QFF # and Status Tier. Now everyone will know I'm a W(P).

The list of CLs might be a juicy data set for the hackers.....
 
Last edited:
33kft said:
Just got notification about what of mine was leaked. Name, QFF # and Status Tier. Now everyone will know I'm a W(P).

The list of CLs might be a juicy data set for the hackers.....
Click to expand...
Any mention of email in the next steps or was it a case of here it what was leaked and goodbye?
 
33kft said:
Just got notification about what of mine was leaked. Name, QFF # and Status Tier. Now everyone will know I'm a W(P).

The list of CLs might be a juicy data set for the hackers.....
Click to expand...
That was the total of what was leaked? Not really a big deal, especially as status is fluid. I wonder if QFF might consider reissuing membership numbers for those who are concerned?
 
And here's a bit more detail: Extent of major Qantas data breach revealed

Of the 6 million customers whose details were in the affected system, almost all have had at least some of their information stolen.

A total of 5.7 million unique customer records are impacted, 4 million of which were limited to name, email address and Qantas Frequent Flyer details.

Of those, 1.2 million were name and email only, while 2.8 million also included the Frequent Flyer number, most of which also had their Status Tier included.

While not outlined by Qantas today, for some of those 2.8 million, described as a "smaller subset", the information also included their Points Balance and Status Credit balance - indicating a more precise targeting by scammers of those account holders.

Among the remaining 1.7 million customers, the data was only some of the above, but additionally, one or more additional fields with 1.3 million addresses leaked - these might be home, business or hotel addresses used in baggage re-delivery.

Finally, within that 1.7 million, there are many that included Date of Birth (1.1 million), phone numbers (900,000), Gender (400,000) and for 10,000 customers, their meal preference is part of the data leak.
 
Website was updated today as well - https://www.qantas.com/au/en/support/information-for-customers-on-cyber-incident.html
Specific data fields vary from customer to customer. Our analysis has found:

The majority of customer records that were compromised are limited to:
  • Name and/or
  • Email address and/or
  • Qantas Frequent Flyer number (and in some cases, tier, status credits and points balance).
Some customer records include a combination of the ones above, and one or more of the following:
  • Address - This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery.
  • Date of Birth
  • Phone number - (mobile, landline and/or business)
  • Gender
  • Meal preferences.
Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.
Click to expand...

Qantas is emailing affected customers aged 15 and above for whom we hold an email address to advise them of the types of their personal data that was contained in the impacted system and provide advice and support. Please ensure you check your junk/spam folder.

To provide our Qantas Frequent Flyers with further visibility, you will be able to view the types of your data that were held on the compromised system once you are logged into your account. We expect this capability will be available from later this week.
Click to expand...
 
dairyfloss said:
That was the total of what was leaked? Not really a big deal, especially as status is fluid. I wonder if QFF might consider reissuing membership numbers for those who are concerned?
Click to expand...
I hope they do not issue me new FF number. I like my 5-digit number and it is etched in my memory. I hope any such re-issue of membership numbers would be done on an oipt-in basis for those who do hold concerns.

Someone knowing my QFF number does not concern me, given that I have 2-factor authentication setup with Qantas so accessing from a new device would require to know my PIN and have access to my phone authentication app.
 
33kft said:
but additionally, one or more additional fields with 1.3 million addresses leaked - these might be home, business or hotel addresses used in baggage re-delivery.

Finally, within that 1.7 million, there are many that included Date of Birth (1.1 million), phone numbers (900,000), Gender (400,000) and for 10,000 customers, their meal preference is part of the data leak.
Click to expand...

And there's the drip feed as mentioned earlier. Addresses, Phone Numbers, Gender etc

Anyone thinking there will be at least one further "wait there's more" email?
 
offshore171 said:
Anyone thinking there will be at least one further "wait there's more" email?
Click to expand...
I doubt it? It sounds like they've gone through the access logs and worked out exactly what has been taken. They will have sorted everyone into tranches based on which of the above categories they fall into, and would be batching out emails as we speak.

I have several more family members I am yet to get emails for, not sure where we will all fall until we get the emails.
 
Check out the latest credit card signup bonus point offers
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

offshore171 said:
I wouldn’t be surprised if they drip feed announcements of further breaches in coming days, such as additional data fields that were stolen, beyond those already announced,
Click to expand...

33kft said:
I doubt it? It sounds like they've gone through the access logs and worked out exactly what has been taken.
Click to expand...

You'd hope, so, but the "drip feed" thing has been a hallmark of responses to previous major breaches. It's almost as if it's a standard crisis/PR management tactic

From Google:

OPTUS

[Drip feed] refers to the criticism leveled at Optus for the way it released information about the 2022 data breach to the public. The criticism suggests Optus did not disclose all details about the breach at once, instead releasing information in stages over time, which caused public and political confidence to erode.

Here's a more detailed explanation:
  • Initial Announcement:
    Optus initially stated that the cyberattack affected around 150,000 customers, with details like names, birthdates, phone numbers, and email addresses exposed.

  • Subsequent Revelations:
    Later, Optus revealed the breach was much larger, potentially affecting between 2.5 million and 9.7 million customers. Further, the exposed information included not just basic contact details, but also passport and driver's license numbers for a subset of customers.

  • Criticism of the Approach:
    This gradual release of information, or "drip feed," was criticized for eroding public trust and making it harder for affected customers to understand the full scope of the breach and take appropriate steps to protect themselves.

  • Impact on Confidence:
    The "drip feed" approach was seen as a failure in crisis management, with experts suggesting that getting all the bad news out at once is crucial for maintaining public confidence.



Another example.

EBSWORTH

www.smh.com.au

More sensitive Optus data leaked in major cyberattack on law firm

Dozens of government departments and agencies are scrambling to find out how much data has been breached in an attack by Russian hackers on an Australian law firm.
www.smh.com.au www.smh.com.au

"“It is not good enough that we keep learning by a drip feed in the media every week of a new government agency, or new pieces of sensitive information they were holding, that has been breached in the HWL Ebsworth attack,” Paterson said.




Latitude
  • The Breach:
    In March 2023, Latitude Financial Services experienced a significant cyberattack that resulted in the theft of personal information from millions of current and former customers, as well as applicants.

  • Drip Feed of Information:
    Initially, Latitude reported that approximately 328,000 identification documents were stolen, including driver's licenses and passport details. However, as the investigation progressed, Latitude updated the Australian Stock Exchange with more details about the extent of the breach, revealing that the theft included driver's licenses of approximately 7.9 million Australians and New Zealanders and passport numbers of about 53,000 customers.
 
SYD said:
It’s unfortunate that they didn’t breakdown “Name”. ie was it just Surname? Or Full name including middle name or just middle initial etc.
Click to expand...

Well for most QF doesn’t even have full middle names.

Unless you’re worried people will find out you’re Vegan probably don’t have anything to worry about.

Qantas themselves have leaked names and FF numbers on a couple of occasions thanks to their IT work experience kids.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 30 more.
Total: 1,106 (members: 80, guests: 1,026)
Back
Top