QANTAS Cyber Incident

Score 10,000 Bonus PayRewards Points on your business spend!*
Elevate your business spending to first-class rewards! Sign up today with code AFF10 and process over $10,000 in business expenses within your first 30 days to unlock 10,000 Bonus PayRewards Points.
Join 30,000+ savvy business owners who:

✅ Pay suppliers who don’t accept Amex
✅ Max out credit card rewards—even on government payments
✅ Earn & transfer PayRewards Points to 10+ airline & hotel partners

Start earning today!
- Pay suppliers who don’t take Amex
- Max out credit card rewards—even on government payments
- Earn & Transfer PayRewards Points to 8+ top airline & hotel partners

AFF Supporters can remove this and all advertisements

Nothing for me or partner, although we've not received the initial email either (checked junk, too.) Yet our non-active, never-contacted-any-call-centre bronze son did receive both notifications. I guess ours are in a holding pattern and will land eventually.
 
trippin_the_rift said:
6M.....represents anyone who has had new bag tags issued?
Click to expand...

I’ve never had bag tags issued from QF. Only ever been a lowly Bronze, and same as you, no points transfers in, no wine, nothing.
Post automatically merged:

Comoman said:
I have not contacted Manila or any call centre for at least 8 years I would think.
Click to expand...
Same here.
 
Pushka said:
And be just the luck to get rerouted to the Manila call centre.

So the story this morning is that an operator in the Manila call centre allowed someone to access the data systems via a phone call. Sounds a lot of authority to be able to do that. Shame they can't use that authority to sort out issues when we call them.
Click to expand...

Yes that is correct, from what I know, someone thought it was smart to give out username/passwords to a system to a caller..... Once that is given you can run/extract reports etc depending on the access level of the operator.
Post automatically merged:

AussieTim said:
I got the second email - no one else in the household. LTS, almost LTG, only travel every 1-2 years now. Last phoned QF in 2018.

My last flight was April 2024. But I did a redemption for my wife last month.
Click to expand...

Likewise for me....
 
As a data point, Optus took about 4 days to offer free credit monitoring for 12 months.

But I will note that drivers licence details have not been leaked by Qantas, so the risk is quite a bit lower..

How Qantas handle this from now on, will reflect on how much they care for their customers.

10,000 points for everyone ? Free credit monitoring ? Nothing...
 
Everyone of us (4 pax) received both emails so far.
Membership numbers are consecutive - well, within 20 of each other to be precise. We all joined at the same time 25 years ago.
 
Am I missing the point here? Many people saying that they use Authenticator/trust QF would reimburse any hacked or stolen points etc, which I get. But isn’t there a bigger risk for identity theft or other financial mischief away from QF if hackers have your name, address, email and DOB - which info is commonly used to authenticate transactions to reset passwords, port phone numbers (OMG the trouble if someone ports your phone number), etc etc.
 
I always love businesses saying “importantly credit card details were not leaked” …. ummm I can get a new credit card - kinda stuck with the birthdate that you gave to everyone.

Also, IMHO Optus was a bit different, Optus wasn’t hacked - it left our details completely unsecured from memory. So I think its fair Optus faces harsher criticism than QF.
 
Seat0B said:
Am I missing the point here? Many people saying that they use Authenticator/trust QF would reimburse any hacked or stolen points etc, which I get. But isn’t there a bigger risk for identity theft or other financial mischief away from QF if hackers have your name, address, email and DOB - which info is commonly used to authenticate transactions to reset passwords, port phone numbers (OMG the trouble if someone ports your phone number), etc etc.
Click to expand...
Now I’ve read to the end of the thread, I’m “reassured” that others see the same issues that I do. So not catastrophising, this is actually pretty bad.
 
“Hacked” or “let in”, I think that is unnecessarily splitting hairs on terms now… malicious access to unauthorised systems gained through malicious means with malicious intent. I’d still call that “hacked”.

From what I understand, the [not Optus, possibly Medibank, I don’t know exactly] event occurred when a contractor saved passwords to their favourite browser password vault and then logged into their account on their favourite browser on their personal PC and the password vault sync’ed and then their personal computer was compromised and someone was easily able to get corporate security details.

If the general public did some general research on what is easily possible to “hack” your toes would curl and you would never turn your PC or electronic device on again. My previous job was at a financial second-tier firm and their mantra is “not if, but when we get hacked” and they have a whole cyber security department monitoring 24/7. Many of the top consultancy firms also outsource work to Philippines et al so a lot of corporate data is being worked on overseas these days.
 
Last edited:
Seat0B said:
Am I missing the point here? Many people saying that they use Authenticator/trust QF would reimburse any hacked or stolen points etc, which I get. But isn’t there a bigger risk for identity theft or other financial mischief away from QF if hackers have your name, address, email and DOB - which info is commonly used to authenticate transactions to reset passwords, port phone numbers (OMG the trouble if someone ports your phone number), etc etc.
Click to expand...
Thankfully, in Australia, mobile numbers are not that easily ported out; at least not without you agreeing to it verbally at the port requested number, or via SMS code verification at that number. The ACMA has rules around how this occurs for Australian numbers. They (the telcos) can also use actual documents or government online verification processes in the event the device is lost or stolen, but none of what has been potentially leaked here is really enough to put the port at risk.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 69 more.
Total: 906 (members: 119, guests: 787)
Back
Top