QANTAS Cyber Incident

The audacity of the email, informing us amongst other things:
  • Visit IDCARE's Learning Centre and the Office of the Australian Information Commissioner website for further information and resources on protecting personal information; and
  • Do not provide your online account passwords, or any personal or financial information.
Rather than telling me what I already know and do, they should have heeded their own hindsight advice! Especially the OAIC's page on "Sending personal information overseas"
 
Am still waiting for email #3, the longer it takes to be notified of breached information, the more it is likely to be.......🤦‍♀️?

On a lighter note, only wish they had disclosed Mr Flyfrequently's Gender.
Not having had a proper haircut in 18 months, he is now sporting a decent ponytail.
Only last night he was mistaken for '"who was that lady driving a blue car" when he dropped me off at a meeting 🤭
 
A random, off topic post apropos nothing…😉

In media and communications circles, Friday is known as “take out the trash day”. 🚮

It’s the day PR operatives typically release bad news.

It’s done in the hope of slipping under the radar.

By Friday people are tired and just want to get to the weekend. Journos included. Sometimes fewer will cover the bad news.

And even if they do, News consumption on Friday arvo/evening is generally lower than other times during the week. Maybe fewer people will see it.

Additionally, the news cycle and audience interest typically shifts to sport on Friday evening, especially in the football season.

Crisis management 101.
 
Has anyone called and asked what address, email address and phone number was in the data? We've moved in the last six months and I use a couple of email addresses and phone numbers
I was pondering that in an earlier post.
I love a QF bash as much as anyone but I honestly couldn’t care less about this if I’m being honest. Been hacked several times before and in this day and age it will probably happen many more times.
Sort of ditto after the Optus breach (which included my DL).

But, I would still recommend peeps be extra vigilant across a bunch of online accounts. If you can change email addresses, now’s a good time. If they have MFA, turn it on - use an Authenticator app if available, but don’t use the leaked email address for that!

Wisr has free accounts that provide credit reports/scores (Equifax and Experian), as well as Breach Alerts. Perhaps use the leaked email address (to monitor for breach alerts).
 
I just missed out on the full-house, likely because my meal preference was missing. There is no option to select "yes" as meal preference so I always leave it blank. 10 types of data affected,

As far as I am concerned, Tier, Points Balance, and Status Credits are of little concern since that content is fluid and not what would be considered PII data. But its the combination of Name, Address, Date of Birth, Phone number which are a serious breach of protecting Personally Identifiable Information.
 
Has anyone called and asked what address, email address and phone number was in the data? We've moved in the last six months and I use a couple of email addresses and phone numbers
Yes, telling me which fields of data have been taken, is not enough to determine what action to take. We need to know what the actual information was - is it still current information or historical and previous information.
 
The website FAQ was updated on Wednesday to say this ability is supposed to be coming by the end of the week (today?)


QANTAS Cyber Incident

It’s says you’ll be able to see the “types” of data, ie the same detail in the email.

It doesn’t say you’ll be able to see the data itself. As that data isn’t in the QF system personally I think the last thing QF should be doing is moving the data around.
 
Just received the email with the full deck. I kinda knew also that because my wife received hers days ago that it would be much worse for me.

I am extremely unhappy given that corporations like Qantas have had plenty of opportunity to avoid this but chose to partner up with 3rd party providers to save money but expose themselves in the process.

I rang the dedicated help line thinking it may have allowed me to express my views to QF, but they turned out to be another 3rd party provider who were not forwarding feedback to Qantas.

Some people have been brushing this off, but my information and everyone else's is being used by criminals to build profiles that only require 1 or 2 more pieces and you could lose a whole lot more than frequent flyer points.
 
I have just called the customer support line they provided in the email.

Irony of ironies, it appears to be outsourced, this time to Britain, and of course they had to ask for my details (apparently they hadn't purchased them from the hacker yet).

I asked whether Qantas will be indemnifying for any losses as a result of their release of our personally identifiable information, to which the response was they need to follow up and come back to me via email.
 
As far as I am concerned, Tier, Points Balance, and Status Credits are of little concern since that content is fluid and not what would be considered PII data. But it’s the combination of Name, Address, Date of Birth, Phone number which are a serious breach of protecting Personally Identifiable Information.
Tier, Points and Status Credits could be a concern as it could help hone in on “high value” or “active” accounts and put them more at risk of being targeted.
 
Tier, Points and Status Credits could be a concern as it could help hone in on “high value” or “active” accounts and put them more at risk of being targeted.

It may help reduce the “DYKWIA” scenarios though.
 
Tier, Points and Status Credits could be a concern as it could help hone in on “high value” or “active” accounts and put them more at risk of being targeted.

It also allows creation of very convincing phishing emails purporting to be from Qantas.

The fact that QF includes your FF#, Tier, Points and SC in marketing mails, used to be a nice way to quickly assess if a QF email was legit, since "who else would have that info?".

Well now the bad actors do.

Yes these data are variable, but unless someone is checking in the app every day, the Points and SC might look "close enough" to convince.

You and I might not fall for it, but plenty would. My parents or in-laws probably would, if I don't constantly remind them about such things.
 
Same here with the latest email - the whole lot given away. So much can be accessed with name, phone, email, address and DOB. As for the "remain alert" advice and other platitudes.... !!!! Visit IDCARE! How about Qantas ensure proper security over private information.

I really don't understand why users here are trying to parse it to blame Salesforce. It is Qantas , its CEO, and the Board of Qantas that are utlimately responsible for this, as they signed the deal, and it they who collect the information. And I hope each director has to pay up what every individual loses in this data leak, to the point of bankruptcy.
 
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

Been hit by this as well. At this point I wonder if there's anything practical I can do since my gut feeling is that there's little point trying to call the hotline number.
Have put a credit ban in place for now. Considering the data stolen I would hope at least a free sub to a credit/identity monitoring service is in order.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top