QANTAS Cyber Incident

Thank you to those who posted about their discouraging experience in phoning the dedicated line which appears designed to offer all assistance short of actual help.

I had planned to try that phone service after receiving the 3rd email this morning (10 data fields compromised so all except meal pref). Instead I drafted a response to QF's email but found it would go to <[email protected]>. Just great.

So I resorted to an online Customer Care form. Told them the PII that had been compromised had the potential to facilitate identity theft and related fraud and I awaited advice on practical action QF would now take to reduce the risk of that occurring. I suggested they might start by signing me up to a credit monitoring service such as Equifax Credit Protect.
 
Thank you to those who posted about their discouraging experience in phoning the dedicated line which appears designed to offer all assistance short of actual help.

I had planned to try that phone service after receiving the 3rd email this morning (10 data fields compromised so all except meal pref). Instead I drafted a response to QF's email but found it would go to <[email protected]>. Just great.

So I resorted to an online Customer Care form. Told them the PII that had been compromised had the potential to facilitate identity theft and related fraud and I awaited advice on practical action QF would now take to reduce the risk of that occurring. I suggested they might start by signing me up to a credit monitoring service such as Equifax Credit Protect.
Let us know if you get any response.

The dedicated phone line seems like nothing more than an outsourced crisis management centre who have a script of things they can follow, or as in my case, offer to have someone follow up via email.

I'm not expecting much, given the hypocrisy of them suggesting "Do not provide your online account passwords, or any personal or financial information" in an email notifying me that they have done exactly that, with my personal information.
 
I’m another one where they seemed to get almost everything:
  • Address
  • Name
  • Email address
  • Qantas Frequent Flyer number
  • Tier
  • Points balance
  • Status Credits
  • Date of birth
  • Phone number
Very disappointing, especially things like Address, DoB and phone number which are impossible or difficult to change. My email address has been exposed in breaches many times before, so nothing new there.

I do have to give credit to Qantas for being this transparent and detailed about what data was exposed for me. I’ve been in many breaches before and I think this is the first where I’ve had a personalised message about what data was taken, and been proactively communicated details about it personally rather than having to ask or search myself.
 
The dedicated phone line seems like nothing more than an outsourced crisis management centre who have a script of things they can follow, or as in my case, offer to have someone follow up via email.

For a laugh, I again called IDCare - after I submitted a case a week or so ago and received no response.

Now they aren't even answering the phone - just refer me to the on-line form with the Qantas code of QANT25 (which they ignore).

In this on-line form, they require country of residence, state and postcode (FFS - WHY?), phone number, e-mail etc etc.

Where are our Qantas apologists to explain that all this is no problem?
 
Interesting thought regarding Defence Personnel from someone associated with Defence security …
They're not a Defence Industry Security Program (DISP) member, nor would they have a need to handle sensitive/classified material. But, I suspect the travel agents who have the Defence travel contract will be asked some very probing questions about what they use and enter into Qantas' systems - but that won't even get to deckchair & popcorn level entertainment for those of us :(

And going back to my 'sorry' email, as I don't have a meal preference loaded into the system, 10/11 is the best I could ever get (sigh)
 
Mrsdrron hasn't got her third email yet. I am predicting she has a 12th subject leaked.
The name of the fellow she sleeps with ;)
The silly thing is that I am the one who rings QF for Mrsdrron as she hates that sort of thing. She is sitting beside me and confirms with the agent that she wants me to deal with the problem. I always rang on my phone. We were never asked for her phone number. The number I always used is a number no longer associated with me. So if they have leaked her phone number it has been accessed via her account.
 
9 July SonSanne

Name
QF#
Tier

8 July MrSanne

Name
Email
QF#
Tier
DOB
Phone #

9 July Sanne

Same as MrSanne but plus address.
Just received similar updated data breach advice from Qantas. I am not that concerned as I don't have many points left and aside from my full FF details most of what was taken 20 years ago would have been in the phone book. There is no such thing as a completely safe IT system. Still I will make a few security changes regarding my emails, most likely move it to an encrypted service.
 
So IDCare has now got their auto-reply set up. As I said, they no longer answer the phone, and they direct you to fill out the form. Take a few mins to read the tripe they reply with. This is what Qantas thinks is "dealing with customer concerns".

Note also that it 'claims' to be an Aust/NZ company. When I called originally, and got through, it was the UK.

______________

Thank you for contacting IDCARE. I am sorry to hear you have been impacted by the recent Qantas data breach incident.

IDCARE is a not-for-profit charity that works to support members of the community who experience the exposure of personal information and any misuse events, whether they occur online or in the physical world. We have worked on Australia and New Zealand’s largest data breach events and supported tens of thousands of people across our community that have experienced the compromise or exposure of their information.

I know receiving a notification about a data breach event can be unsettling. We have learnt from assisting in over a thousand data breach events that identity theft or the misuse of individual's information is extremely low following a data breach. Generally, impacted individuals don’t experience anything else beyond the disappointment of being notified. We do however, acknowledge that when personal, account or credential information is accessed by anyone outside of the intended recipient it is not an ideal outcome.

Compromised Information

Qantas has advised IDCARE that one or more of the below items may have been compromised as part of this breach:

Full name,
Address
Phone number
Email address
Date of birth
Frequent Flyer Number
Frequent Flyer tier/points/status
Gender

Please defer to your notification for confirmation of what information has been compromised for your individual situation.
Note: Qantas have advised that no credit card details or passport information was compromised as a part of this incident. Frequent Flyer log in details/passwords were also not compromised.

You may wish to visit the Qantas Media Releases page for additional general information. You can also contact the Qantas dedicated support line, on 1800 971 541 or +61 2 8028 0534 if you have further questions or concerns about the incident or information involved. For any account related questions, please call 13 13 13.

How Does IDCARE Measure Risk?
IDCARE measures risk of future identity misuse based on the nature of the credentials compromised. Personal particulars such as name, address, date of birth, phone number and email address are credentials that alone are low risk of direct future misuse. In most cases what is of real value to identity thieves are passports, driver licences, credit card details and banking username and login details.

Retention of Personal Information and Privacy Concerns
Any matters in relation to privacy concerns or the retention of your personal information will need to be raised directly with Qantas, as a first step. If you have further questions or concerns about thereafter, you can seek advice from the Office of the Australian Information Commissioner (OAIC). Their number is: 1300 363 992, alternatively, you may wish to visit their website for more information.

Scam Engagement and Reducing the risk
Please be mindful of the potential for scam contact where compromised information may be referenced in an attempt to falsely verify the engagement. The risk of future misuse via phishing emails and telephone/SMS scams may increase when any personal information has been compromised. This includes, but is not limited to, incoming contact impersonating the breached organisation. Some individuals involved in a data breach report observing an increase in phishing contact. Please be mindful that this may not be a direct correlation to the breach event itself. It is possible that contact information, such as an email address and/or phone number may have been compromised at some stage in another online breach. You may wish to check whether your contact details have been compromised in any other online breaches. If you detect this, we recommend updating any compromised passwords, ensuring these are unique across all important online accounts and consider setting up Multi-Factor Authentication (MFA). For more information about this you can watch our Multi-Factor Authentication Guide video on the IDCARE website.

Be cautious of clicking on links in emails or text messages. Do not be pressured to respond, whether it is by email, text message or telephone. Instead, contact the organisation directly using contact details you know to be correct.
Protect your accounts with multifactor authentication, including financial, government, email, and social media accounts.
Use unique and strong passwords.
It is always a good idea to regularly review your account details and security settings. Check that your contact details are correct, and changes have not been made to any linked bank accounts or other services.

If you suspect any communication from IDCARE is not legitimate please confirm with IDCARE using alternative contact channels (see www.idcare.org). Our charity and community services DOES NOT accept payment from individuals for Case Management services.

If you ever need to contact us again, your Client Reference Number with IDCARE is xx_xx_. Please quote this in the subject line if you email at [email protected], or when submitting a Get Help Form.

Thanks again for reaching out to us.

Regards

xx_X

Identity & Cyber Security Case Manager
National Case Management Centre, IDCARE

Australia
PO Box 412
Caloundra, QLD, 4551
Individuals: 1800 595 160
Organisations: 1800 595 170

New Zealand
PO Box 54
Napier, New Zealand, 4110
Individuals: 0800 121 068
Organisations: 0800 121 070

www.idcare.org


Disclaimer:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. IDCARE is a not-for-profit and registered Australian charity.
The Services provided do not constitute legal advice. IDCARE recommends that you consult your own independent legal counsel in relation to your rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
To the extent the Services are based on information and documents that you have provided, IDCARE has not verified the accuracy of the information and documents and accepts no responsibility for the accuracy of the information and documents.
While every effort has been made to ensure the accuracy of the information in this email, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of these Services which might otherwise be binding upon IDCARE are excluded.
IDCARE’s liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limited liability for any negligent act or omission, or statement, representation or misrepresentation of any offences, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed as a result of any recommendations made in the course of providing the Services.

The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document and IDCARE will not be liable to any other person who may receive this document.
 
Here’s another twist in the tail…
Mrs Jimmy got the 3rd email on Wednesday saying Name & Email data leaked.
Now today, Friday at about 5pm (trash time), she gets another one (4th), saying ooops, we leaked your Phone Number too…

Edit: And now I have a 4th email to also include Phone Number.
 

I have just been hit twice with requests to port my mobile number (the one leaked in the Qantas hack) to a new account.....
If I were in your position I'd switch to an authenticator app ASAP. I don't think they're just going to stop at 2 attempts, although I also don't really think this is related to the Qantas breach, I'm not sure people realise how polished groups like Scattered Spider (the threat actor purportedly involved) are, they don't care about your points, they want Qantas to pay them millions in ransom money, if they go meddling with individual accounts they lose their leverage, which is essentially that we have your data and can make it disappear for the right price. Their victims trusting that promise is literally worth millions to them.
 
For a laugh, I again called IDCare - after I submitted a case a week or so ago and received no response.

Now they aren't even answering the phone - just refer me to the on-line form with the Qantas code of QANT25 (which they ignore).

In this on-line form, they require country of residence, state and postcode (FFS - WHY?), phone number, e-mail etc etc.

Where are our Qantas apologists to explain that all this is no problem?
;)

Yes IDCare is a waste of time! :(
 
I have just been hit twice with requests to port my mobile number (the one leaked in the Qantas hack) to a new account.....
Cool, followed protocol and messaging my provider (Optus) of the attempt……. Current stage in the conversation:

“Nothing to worry, to avoid this kind of scenario I have a suggestion.….But first, I’d like to know how much data you use on your mobile since this number is on a prepaid plan. The reason why I asked, since you want to keep your number and avoid this kind of scenario. I highly suggest to move your number to Postpaid plan. I can provide you some of our plans that you might want to consider.”

Great help?
 
