QANTAS Cyber Incident

[RSD]

But according to a few on here, its OK as your data is already out there....

Mine wasn't - until this Qantas data breach

 

[Port Power]

Another email advising me that ALL my data has been hacked (name, address, FF number, activity, etc), but not PIN or bank details. Call the provided number if I am concerned. Meanwhile, don’t answer emails that look like scams, take care, etc, etc, blah, blah. All in all it reads as if it is my fault that my data at Qantas was hacked, and I need to take more care and responsibility. Nothing about Qantas being at fault for not having better firewalls, nor an apology. Not happy, Jan!

Edit: Sorry, Vanessa did finish with “sincere apologies”. More of an afterthought.

 

[RSD]

1000th post on this thread - QF email has landed!

Welcome to the party...

 

[SeatBackForward]

At this point QF are better off advising customers what WASN'T hacked..

 

[clifford]

Email from Qantas has just landed: it looks like a full house of possible data that was stolen.

Nice to know they've got my best interests at heart. When's the class action commencing?

 

[kpc]

Another email advising me that ALL my data has been hacked (name, address, FF number, activity, etc), but not PIN or bank details. Call the provided number if I am concerned. Meanwhile, don’t answer emails that look like scams, take care, etc, etc, blah, blah. All in all it reads as if it is my fault that my data at Qantas was hacked, and I need to take more care and responsibility. Nothing about Qantas being at fault for not having better firewalls, nor an apology. Not happy, Jan!

Got the same email:


Our analysis has found that the following types of your data held on the compromised system was accessed:
Address
Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number
Gender

Great Qf!

 

[Port Power]

Got the same email:


Our analysis has found that the following types of your data held on the compromised system was accessed:
Address
Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number
Gender

Great Qf!

With all that information, a hacker can now get into just about any account and request to change the password. Are bank accounts about to be emptied?

 

[I love to travel]

Just got the email. Everything bar meal preference. Senate Inquiry into hacks may be in order me thinks

 

[Be.au]

At this point QF are better off advising customers what WASN'T hacked..

That's been in pretty much every email....
From today's email

'd like to reassure you that our investigation has reaffirmed that no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.

There continues to be no impact to Qantas Frequent Flyer accounts. Passwords, PINs and log in details were not accessed or compromised. The data that was compromised is not enough to gain access to these Frequent Flyers accounts.

Post automatically merged: Yesterday at 8:35 PM

With all that information, a hacker can now get into just about any account and request to change the password. Are bank accounts about to be emptied?

Do you log into your bank account with your QFF number? Not sure how someone is supposed to log into your bank

 

[jimmy hutspah]

Another email advising me that ALL my data has been hacked (name, address, FF number, activity, etc), but not PIN or bank details. Call the provided number if I am concerned. Meanwhile, don’t answer emails that look like scams, take care, etc, etc, blah, blah. All in all it reads as if it is my fault that my data at Qantas was hacked, and I need to take more care and responsibility. Nothing about Qantas being at fault for not having better firewalls, nor an apology. Not happy, Jan!

Edit: Sorry, Vanessa did finish with “sincere apologies”. More of an afterthought.

It really is Abysmal Comms 101. Is Todd Sampson still advising or something?

 

[Melburnian1]

Nice to know they've got my best interests at heart. When's the class action commencing?

On balance, class actions - which appear to have originated in (you guessed it, the USA) are not the magic pudding some believe they are.

The Black Saturday bushfires class action in Victoria incurred an incredible A$60 million in legal costs. Barristers and solicitors tend to be the real - and sometimes the only - winners.

Surely for a class action to have any chance of success, 'harm' must be proven on the balance of probabilities, it being a civil case.

So far, from what one reads, there's yet to be an indication that the allegedly stolen data has been nefariously used by so-called 'bad actors'.

Nor do we know if QF has paid a ransom. (I hope it refuses to.)

 

[MELso]

Finally got my email. Only 7 of 11. The Qantas ones have subsequently changed and the non-Qantas ones have already leaked out so that means in the grand scheme of things, it's not too bad for me.

My data points:

• Name (leaked)
• Email address (leaked)
• Qantas Frequent Flyer number
• Tier (changed)
• Points balance (changed)
• Status Credits (changed)
• Phone number (leaked)

 

[moa999]

And finally a 2nd email for me..
10 points of data.

Would have been useful if they'd told us the specific info leaked (eg. If told I was Gold with 999,999 pts in my account) id more clearly know that the email is fake and based on the data breach.
Edit - I see they will make this available on the Qantas website later.

As it is I've just spent some points so think in my case it would be obvious, but may not be for others.

The rest of the the info, while I'm not happy about, is not particularly concerning imho.
Similar information is available for Company Directors for example - Disclosure of personal information on ASIC's Registers | ASIC

 

[muppet]

I am not happy and agree the completeness of my personal details that have been leaked is very frustrating, but just to counter some of the points, Qantas has acknowledged blame and apologised in these emails.

This was sentence #3:

I know this incident has been concerning and I am deeply sorry for the uncertainty this has caused.

I actually think Qantas comms have been good. Initial was timely and broad (bulk email, and public media), second was direct to those affected and third detailed exactly what was lost (i got mine tonight - full dataset except meals).

The email tonight also indicated we’d be able to logon and see what data was leaked so that is helpful too.

Now that said, I am annoyed, why does QFF need to make this data so accessible to all agents.

 

[CaptainCurtis]

The email tonight also indicated we’d be able to logon and see what data was leaked so that is helpful too.

I wonder if this will be a regurgitation of the data points in the email, or if it will actually list out the address leaked? I would love to know if it's my home address, or a hotel address.

 

[Flyfrequently]

The dedicated phone line seems like nothing more than an outsourced crisis management centre who have a script of things they can follow, or as in my case, offer to have someone follow up via email.

At least you had an offer to have someone follow up by email @Supersonic Swinger . All I got was call 13 11 31 or email Customer Care - but reassured my account is safe!

I'm not expecting much

Ditto

 

[DejaBrew]

Finally received email #3. Missed a few options from my bingo card...

 

[mick]

I haven't received the initial emails from Qantas regarding this issue but did get one today advising:

Our analysis has found that the following types of your data held on the compromised system was accessed:
Address
Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number

Still, it's nice to know that Vanessa (that's how it's signed) takes it seriously and "sincerely apologises".

I just received exactly the same. Ergh.

 

[Flyfrequently]

Beginning to feel a little left out of the party now. Still waiting on email #3 to advise what details were leaked...


Just...

@DejaBrew
Patience Grasshopper

 

[Himeno]

I have just been hit twice with requests to port my mobile number (the one leaked in the Qantas hack) to a new account.....

How did you know someone was trying to port your number?

My phone kept claiming that it didn't have a SIM card randomly a number of times today (while actively using said SIM card). It did the same thing last Friday as well, but not as frequently.
Not sure if it's someone trying to steal the number or because the SIM card is fairly old.