QANTAS Cyber Incident

[gtrod]

Yep but most people would have the app with push notifications enabled so you’d see “available for check in” and “now boarding” etc.

I've never had a notification from the App, it's always come via SMS to the number specified at booking (which can be different from your QFF account, you can specify whatever number you want).

Qantas app also not appearing in my iphone list of notifications. Opening in the app I can see going to Settings->Notifications I can opt in to notifications. After opting in Qantas app now appears in the iphone notifications screen.

Not default behaviour though, you need to Opt In. Might be different on android.

 

[lovestotravel]

and DOB

I do find it disappointing that they have given full stats to the media ahead of notifying customers of their individual impact.

No company can/would send 6 million emails at once, they are staggered, also to avoid being flagged as spam by ISP's etc.

Could take up to 3 days IMO

 

[justinbrett]

I've never had a notification from the App, it's always come via SMS to the number specified at booking (which can be different from your QFF account, you can specify whatever number you want).

Qantas app also not appearing in my iphone list of notifications. Opening in the app I can see going to Settings->Notifications I can opt in to notifications. After opting in Qantas app now appears in the iphone notifications screen.

Not default behaviour though, you need to Opt In. Might be different on android.

It’s all very far fetched, people paying with their own money at the last minute (so very high fares) just to access the Qantas Club.

They’ll be found out eventually (when it credits) and Qantas has their credit card info if they wanted to refer to police for fraud.

Unless they’re also using a stolen credit card in which case just book business.

 

[gtrod]

They’ll be found out eventually (when it credits) and Qantas has their credit card info if they wanted to refer to police for fraud.

Will people really call up Qantas to complain if they notice a random flight in their history that gave them status credits and some points. Will most people even notice, or just think some random Qantas IT bug.

Are they going to demand Qantas take their points back and lower their balance? I think it'd be a pretty rare person calling up to complain.

When/If the data becomes public we'll see what the kids do with it.

 

[Captain Halliday]

VH will be appearing on The Business night at 8:45pm AEST on ABC News Channel and on iView, but the interview was recorded this arvo and can be seen on the ABC Business blog.

Unfortunately I can't link directly to the interview, but you can find it easily enough on the blog here: Live: ASX slips after RBA 'shock' rates decision, Trump announces more tariffs

Ducked the CL questions.

 

[justinbrett]

Will people really call up Qantas to complain if they notice a random flight in their history that gave them status credits and some points. Will most people even notice, or just think some random Qantas IT bug.

It’s a chance (people might be concerned the charges are going to their stored card) and chances of being caught increase as the tier increases (people travel more so more likely to spot it). Also QF system might flag the booking especially if conflicts with travel plans (ie a domestic flight while the real person is overseas).

But mainly it’s the higher fare.

When/If the data becomes public we'll see what the kids do with it.

Not this, I’m tipping.

 

[DejaBrew]

Unfortunately I can't link directly to the interview

Here you go

 

[Aeryn]

I would encourage you you read up on the requirements of the Continuous Disclosure rules.

Everyone has to be able to receive the announcement simultaneously - including those who aren't involved in the breach, and may not even be customers. But they may be buyers or sellers of the stock.

Market sensitive announcements cannot be trickled out to a subset of the market.

The usual route is via a company press release and a simultaneous announcement to the ASX

Except they notified the ASX and government and share holders a week ago, the share price didn't suffer and nothing in todays press releases have affected the share price either.

There is some seriously wrong with the world when the interests of share traders trumps the interests of those harmed by company actions.

IMO customers notifications should have been prioritized by impact, the more sensitive the data leaked the earlier you get contacted; but it seems to be happening the other way around where the least impacted have been notified early.

Hudson saying this morning customers want to know what was leaked ahead of knowing what compensation their will be. Yet 9 days after the event many of us still have no details.

 

[Aeryn]

Will people really call up Qantas to complain if they notice a random flight in their history that gave them status credits and some points.

If someone else credits there flight points or SCs to your account, there is a real risk Qantas consider this fraud; they have form in locking accounts if they think someone you transferred points to or received points from isnt an eligible relative.

I check my FF activity and bookings regularly, if i noticed a booking that wasn't mine I would cancel it.

 

[MELso]

The Age is reporting that some CL members are included in the breach…

Those poor CL members, having to slum it by calling Manila like that...

 

[ChrisMars]

Name, Tier, and QFF number is all you need. No login required to make a booking. No login required at Check in (just booking ref and name).

There's no ID checking on domestic flights. Simply book your flights as your favourite Platinum 1.

Enjoy the great seat selection, blocked seat beside you and free lounge access

2025 was the year to get P1. Can you imagine all those SC and miles just landing randomly?

 

[I love to travel]

Those poor CL members, having to slum it by calling Manila like that...

Actually that is a very good point. They have a dedicated phone line which is not Manila based. Hmm more questions now....

 

[offshore171]

There is some seriously wrong with the world when the interests of share traders trumps the interests of those harmed by company actions.

Let me try to explain why these rules exist under the Corporations Act. They apply to all listed companies and are necessary for the integrity of the financial system. Pretty much everyone's superannuation is dependent on this being heavily regulated.

Here's a hypothetical.

Imagine the Qantas hack turned out to be far worse.

Last week, Qantas said we were hacked. We think they got X, Y and Z, but not A, B C.

Then imagine by today, Qantas learned that the hackers also got passports, DL's, credit cards, PIN numbers, the absolute works for a subset of customers.

That probably would be materially market sensitive information and could be very costly for Qantas to "make good".

Law currently requires continuous disclosure, which would mean Qantas has to put out a universal public announcement before contacting individuals.

If instead of doing this, suppose Qantas starts emailing affected individuals. One of the first recipients is a dodgy hedge fund operator. He has now received info that the "market" has not yet been notified of. He can short the stock, which could have a devastating affect on confidence in financial markets. People have no idea why the stock is tanking. It gets contagious and other stocks are affected. Again, our super gets caught up in this.

As mentioned this is just a very hypothetical scenario, but you get the idea I hope. The law has to cover all sorts of scenarios, including the unforeseen. Ultimately, everyone has to be told at the same time via a public announcement.

 

[RSD]

Let me try to explain why these rules exist under the Corporations Act. They apply to all listed companies and are necessary for the integrity of the financial system. Pretty much everyone's superannuation is dependent on this being heavily regulated.

Here's a hypothetical.

Imagine the Qantas hack turned out to be far worse.

Last week, Qantas said we were hacked. We think they got X, Y and Z, but not A, B C.

Then imagine by today, Qantas learned that the hackers also got passports, DL's, credit cards, PIN numbers, the absolute works for a subset of customers.

That probably would be materially market sensitive information and could be very costly for Qantas to "make good".

Law currently requires continuous disclosure, which would mean Qantas has to put out a universal public announcement before contacting individuals.

If instead of doing this, suppose Qantas starts emailing affected individuals. One of the first recipients is a dodgy hedge fund operator. He has now received info that the "market" has not yet been notified of. He can short the stock, which could have a devastating affect on confidence in financial markets. People have no idea why the stock is tanking. It gets contagious and other stocks are affected. Again, our super gets caught up in this.

As mentioned this is just a very hypothetical scenario, but you get the idea I hope. The law has to cover all sorts of scenarios, including the unforeseen. Ultimately, everyone has to be told at the same time via a public announcement.

When QF32 popped the engine and started shedding bits and people in Indonesia were posting photos of debris on coughter the Qantas share price started tanking and even Alan Joyce wasn't aware of the incident before the share price had started tanking - it goes to show the need for the continuous disclosure rules.

 

[SeatBackForward]

Ultimately, everyone has to be told at the same time via a public announcement.

Except all those shareholders who somehow always have inside knowledge....

 

[Aeryn]

I dont need to be mansplaned to, the scenario you described is not the case here, Qantas share price has not tanked and todays media announcements haven't increased or decreased the risk originally reported last week.

If there was material new information and data breached was more serious then sure send out an update.

If the share price falls it impacts exec bonuses but not whether the airline can operate. Optus' share price fell following their breach, but no one lost all their super, the ASX didn't collapse. You are catastrophizing. One stock falling doesnt bring down the whole the market, and people absolutely would know why because the breach wasn't secret.

None of which excuses their tardiness in informing the harmed customers. Im still waiting for details; and all evidence to dates is indicating the longer you wait the worse your breach is (so they have approached it backwards).

Further all Hudson's comments about actions have reference Qantas systems yet we all know the breach happened in a 3rd Party system being at an outsourced call centre not in core qantas systems. There has been no discussion whatsover re what action t Qantas have asked/forced the call centre operator to take

 

[TheRealTMA]

Those poor CL members, having to slum it by calling Manila like that...

Na. They have “people” to do that for them!

 

[RooFlyer]

Here you go

Reasonable ... however

"Security will be enhanced".

"Offered our customer support services by phone". As I noted up-thread, I called and they simply assured me there was nothing to worry about. I then lodged a case on line and haven't heard anything. I wonder if she knows how useless that 'phone support' is/has been?

"Confirming today, for every customer, what information ..." I guess it then comes down to whether she meant we've sent the info out, or the info should be received.

 

[Aeryn]

"Confirming today, for every customer, what information ..." I guess it then comes down to whether she meant we've sent the info out, or the info should be received.

There isnt much of today left; if i dont get notified by midnight its another lie.

 

[RooFlyer]

There isnt much of today left; if i dont get notified by midnight its another lie.

Live interviews can be tricky. Interviewed by the AFR, she said

“Those emails are going to start being sent [on Wednesday] morning, but it’s going to be progressively emailed in batches, so it will take 24 to 48 hours to have that all finished and obviously the same support that we’ve had in place for customers will be continuing,” she said.