QANTAS Cyber Incident

[outthere1000]

2nd email received this arvo

Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed:

Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number

Same. After sending me an email last night saying that only my name, FF number and tier had been accessed, they sent me another one today (which went to my spam folder) telling me that all of the above eight items have been stolen. THANK YOU FOR NOTHING, QANTAS.

 

[kelvedon]

2nd email received this arvo

Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed:

Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number

Same here

 

[RooFlyer]

This should be free for everyone to read

Qantas hack will haunt affected customers for a long time, experts warn

With data of millions of Qantas customers out there, one security expert has warned that hackers will “have a very clean, very targeted list” of future victims.

www.theage.com.au

It will be interesting I think to also see (albeit from a distance) how the Board approach this - the Chairmans Lounge book suggested they were very hands off during AJ years. Time for more input about treating the customer well in these situations?

Thanks. The article made the point that I and some others have been making. Its not the threat to our Qantas accounts necessarily, but the incremental (and perhaps updating) compilation of data thats 'out there' to be a greater menace to our other on-line log-ins.

______

Interesting to see reports now coming in here of much more data taken. The initial reports here were only the minimal loss types.

 

[LondonAussie]

I just found mine in the spam folder from [email protected]

 

[Himeno]

2nd email received this arvo

Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed:

Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number

I just got the same list.
Not too fussed about most of it. That email address isn't used with the majority of other company/government/utility/banking stuff. I almost never get any spam to that account anyway.
Phone number, well I don't answer calls from numbers I don't know anyway. Might only be an issue if someone tried to clone it to another SIM card.

 

[dajop]

2nd email received this arvo

Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed:

Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number

Same. I'm considering to start migrating my key Australian bank and other accounts to different email address and/or phone number.

I have less concerns with the accounts I have where I live though, in Singapore, as almost everything has 2FA via phone push notifications, most of my accounts have the ability to implement money locks and the National Identity Card number is the primary form of identification.

 

[Himeno]

Thanks. The article made the point that I and some others have been making. Its not the threat to our Qantas accounts necessarily, but the incremental (and perhaps updating) compilation of data thats 'out there' to be a greater menace to our other on-line log-ins.

If only things like incogni were usable in Australia. (They rely on laws like PIPEDA [Canada], GDPR [EU/UK], and CCPA [California], so aren't available in places without similar laws)

 

[ellen10]

My husband just got his next email, they got
Name
Email address
Qantas Frequent Flyer number
Tier
Points balance ( did not have his points balance)
Status Credits (did not have status credits)
Date of birth
Phone number

Annoyed as it is his main email and phone number, for banking and credit cards.

I still have not received the next email. Makes me worried what else they have of mine.

Like Quote Reply

 

[Aeryn]

Same. After sending me an email last night saying that only my name, FF number and tier had been accessed, they sent me another one today (which went to my spam folder) telling me that all of the above eight items have been stolen. THANK YOU FOR NOTHING, QANTAS.

So perhaps they spent today redoing the notifications they stuffed up yesterday because they still haven't bothered to send me the promised details of what was leaked and we are almost at 48 hour mark since they started notifying customers.

 

[kookaburra75]

Thanks. The article made the point that I and some others have been making. Its not the threat to our Qantas accounts necessarily, but the incremental (and perhaps updating) compilation of data thats 'out there' to be a greater menace to our other on-line log-ins.

If only things like incogni were usable in Australia. (They rely on laws like PIPEDA [Canada], GDPR [EU/UK], and CCPA [California], so aren't available in places without similar laws)

I too got the "full house" email, covering the full range of my data. I think it's more than just a data dump from Salesforce. And with the commercialisation of cyber-crime "hacking-as-a-service", the same as they do for scamming-as-a-service, it all goes into a big database, accessible for a price.

Introducing something along the lines of GDPR would be very welcome.

 

[clifford]

So perhaps they spent today redoing the notifications they stuffed up yesterday because they still haven't bothered to send me the promised details of what was leaked and we are almost at 48 hour mark since they started notifying customers.

Yes, I'm in the same situation.

 

[edwina86]

2nd email received this arvo

Our cyber security teams have undertaken an investigation and we can confirm that the following types of your data held on the compromised system was accessed:

Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number

Me too

Is that enough PII to make flight bookings over the phone? Like they have all my details…

 

[Aeryn]

https://www.qantas.com/au/en/support/information-for-customers-on-cyber-incident.html calls out that "Customer records are based on unique email addresses, and customers with multiple email addresses may have multiple accounts.  "

Which again points to Salesforce since in many instances a case would be created based on a Contact Us/Complaint case from the web or raised on customer behalf over the phone or at airport which may or may not have a QF FF# attached; but which Manila were involved somehow.

It also specifies "Address - This is a combination of residential addresses and business addresses including hotels for misplaced baggage delivery." again hints at a case being raised to locate and deliver lost luggage.

 

[SYD]

Received the first of 2 expected details emails.

First is for QBR

Address (no info on which address)
Name
Email address
Phone number (don’t know which one(s)??)

 

[Flyfrequently]

Mr Flyfrequently  lucked in today with email #3
Score = 8/9, no meal preference.

Name
Email address
Qantas Frequent flyer number
Tier
Points Balance
Status credits
Date of Birth
Phone Number

He hasn't called Qantas in ages but I spoke to Qantas Cash 30 June ? Manila and Qantas FF on 12 June - she acknowledged she was in Manila.

No email #3 for me........yet.

 

[OzzRod]

Me too.
Name
Email address
QFF number
Points balance
Status Credits
Tier
Date of Birth
Phone number (no indication of whether that was my mobile or old land-line).

I have just requested a freeze on my credit report via Experian, on-line. They offer to pass on the request to the other credit agencies. Initial ban is for 21 days but can be extended. No charge.

Mightily p*****d off with Qantas. No excuse for this given hacks of other major corporates going back at least a couple of years. Not to mention the FBI's specific warning to the aviation industry on June 27.

Not at all impressed either by the tone of Qantas' communications. I have no confidence at all that it is concerned about the possible consequences for its customers.

 

[ayebee]

Also got the 3rd email today with similar list, except no points balance or status tier.

Found it interesting wife had not received any previous emails but also received the same "#3" email today with the same list of details. (& yes we checked spam folders).

 

[ellen10]

Me too.
Name
Email address
QFF number
Points balance
Status Credits
Tier
Date of Birth
Phone number (no indication of whether that was my mobile or old land-line).

I have just requested a freeze on my credit report via Experian, on-line. They offer to pass on the request to the other credit agencies. Initial ban is for 21 days but can be extended. No charge.

Mightily p*****d off with Qantas. No excuse for this given hacks of other major corporates going back at least a couple of years. Not to mention the FBI's specific warning to the aviation industry on June 27.

Not at all impressed either by the tone of Qantas' communications. I have no confidence at all that it is concerned about the possible consequences for its customers.

My husband once he got the 3rd email tonight is super mad.

He fired off an angry email to Qantas tonight. Not that I think he will get a response. But it got it off his chest for now.

 

[VHOEJ]

Third email received. Other than the constant apology and claim they will improve security, they really haven't offered much to everyone impacted. Really not good enough.

 

[Lukabs]

Yes, I've been notified by Qantas as being involved in the data breach.
Questioning whether I should change the phone number and email that I use for Qantas, I do have alternatives.