QANTAS Cyber Incident

RooFlyer said:
Seems to me we are due for another "look over there!!" DSC offer, or loyalty gift, or bonus points ...




That would be IDCare, reminding you that there is nothing to be concerned about. Your points are safe; nothing to worry about.
Click to expand...

I think it is not about whether my points are safe or my credit card details are safe, but rather I am more concerned about my identity being stolen and get impersonated to do something that I don't want or shouldn't do.

In particular what if someone is sending an email pretending my email address for some kind of scams?
 
The salesforce data captured by the attackers in this breach also included Vietnam Airlines customers.
haveibeenpwned.com

Have I Been Pwned: Vietnam Airlines Data Breach

In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach...
haveibeenpwned.com haveibeenpwned.com

I received an alert from HateIBeenPwned on my VN account email address so I've also gone through and changed passwords there.
 
pauldab said:
The salesforce data captured by the attackers in this breach also included Vietnam Airlines customers.
haveibeenpwned.com

Have I Been Pwned: Vietnam Airlines Data Breach

In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach...
haveibeenpwned.com haveibeenpwned.com

I received an alert from HateIBeenPwned on my VN account email address so I've also gone through and changed passwords there.
Click to expand...
VN were also hacked 5-7 yrs ago. I'd be very cautious about what info you provide them.
 
LionKing said:
I think it is not about whether my points are safe or my credit card details are safe, but rather I am more concerned about my identity being stolen and get impersonated to do something that I don't want or shouldn't do.
Click to expand...

Apologies - I should have made it clearer that I was being a bit facetious. We all know the issue is NOT about points etc but the wider issue; its just that Qantas and their IDCare simply focus on the QFF account, points etc and pretend everything is OK.
 
Seat0B said:
I agree. I had a lot of data taken, certainly enough to impersonate me, and I'm not happy about it. Until this, my personal data was not out on the dark web.
Click to expand...
How sure are you of that?
LionKing said:
I think it is not about whether my points are safe or my credit card details are safe, but rather I am more concerned about my identity being stolen and get impersonated to do something that I don't want or shouldn't do.

In particular what if someone is sending an email pretending my email address for some kind of scams?
Click to expand...
It's trivial to send an email pretending to be from your email address. So unless you've never sent an email and your address isn't known to anyone that risk has always been there.
 
So my email address has been flagged with Vietnam airlines. On the haveibeenpwned website. But I don't think I had that email address 25 years ago so 🤷‍♀️
 
Brissy1 said:
Qantas says my details hacked, but the haveibeenpwned site report zero hacks on that email 🤷‍♂️.
Click to expand...
Yes, due to the injunction, you won't find the Qantas data loaded into things like HIBP

www.troyhunt.com

Court Injunctions are the Thoughts and Prayers of Data Breach Response

You see it all the time after a tragedy occurs somewhere, and people flock to offer their sympathies via the "thoughts and prayers" line. Sympathy is great, and we should all express that sentiment appropriately. The criticism, however, is that the line is often offered as a substitute for...
www.troyhunt.com www.troyhunt.com

Where this leaves us with Qantas is that, on a personal note, as a law-abiding Australian who is aware of the injunction, I won't be able to view my data or that of my kids. I can always request it of Qantas, of course, but I won't be able to go and obtain it if and when it's spread all over the internet. The criminals will, of course, and that's a very uncomfortable feeling.

From an HIBP perspective, we obviously can't load that data. It's very likely that hundreds of thousands of our subscribers will be impacted, and we won't be able to let them know (which is part of the reason I've written this post - so I can direct them here when asked)
Click to expand...
 
Not sure if an overseas hosted site like HIBP would be necessarily bound by an Aus injunction., and in any event they are making substantial alterations to the dataset.
 
Hasn’t Qantas already told everyone they have been ‘pwned’, either directly, or via their account profile?
 
Score 10,000 Bonus PayRewards Points on your business spend!*
Elevate your business spending to first-class rewards! Sign up today with code AFF10 and process over $10,000 in business expenses within your first 30 days to unlock 10,000 Bonus PayRewards Points.
Join 30,000+ savvy business owners who:

✅ Pay suppliers who don’t accept Amex
✅ Max out credit card rewards—even on government payments
✅ Earn & transfer PayRewards Points to 10+ airline & hotel partners

Start earning today!
- Pay suppliers who don’t take Amex
- Max out credit card rewards—even on government payments
- Earn & Transfer PayRewards Points to 8+ top airline & hotel partners

AFF Supporters can remove this and all advertisements

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 28 more.
Total: 1,184 (members: 78, guests: 1,106)
Back
Top