QANTAS Cyber Incident

Just got another email:

Our analysis has found that the following types of your data held on the compromised system was accessed:
Address
Name
Email address
Phone number

So which email do I believe Qf? This is becoming a joke Qf....and the laugh is on us!
Either Qantas is buggering up the email send, or someone is already using the email format to great effect.... Don't have QBR and don't share my email address with any other FF account.

9 out of 11 data points breached email header/footer (from qantasff@ loyalty .qantas .com) -:

3 out of 11 data points breached email header/footer (from qantas@ loyalty .qantas .com) -:

 
I've been confused about call outs saying people want to know the specific data that was compromised; now I get that if it was a previous address for instance it's lower value, similarly was it my 700k points balance from the time of my previous interaction with QFF contact centre, or a live balance (much less)??

Not everyone follows their accounts as often as I'm sure many of us AFF members do - or earns as often - so many casual program members may be more susceptible to phishing activity in the future for sure.
 
My email came through this morning, personally addressed (full WP status) and advising me that 10 data types were leaked (no meal selection).
I only have one email address on my QFF and QBR profiles, so just one email.
 
Am I the only one that also had the address leaked so far?

Our analysis has found that the following types of your data held on the compromised system was accessed:
Address
Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number
I too have the triple trifecta! Email in this arvo.
 
One of the usual Ambulance chaser law firms will be lodging a Class Action - once they’ve found someone who can attribute loss to QF negligence.

Meanwhile, S&G’s Optus CA is still out there - somewhere….
 
Claiming what exactly?

You'd need at least a monetary loss claim, that you can substantiate.

For other breaches of laws and regulations, it's the authority involved that will decide to take any legal action. That is usually to seek a corporate penalty.
And with all the major players' players having CL access, I am sure justice will be found from that alone.
 
And with all the major players' players having CL access, I am sure justice will be found from that alone.

Indeed.

If they have any influence, that they choose to exercise, on the authorities that can actually issue the corporate fines. Fines that can be very substantial.
 
It occurs to me that high status credits suggests regularly not home; and home address and postcode could inspire some unsavoury types, and with a phone number too...

Probably over estimating criminal ability here
 
Nine leaks - first data breach and it made me feel sick to read what's been hacked. We really need to urgently know exactly what data was stored, so we can change things like email address and phone number.
 
Even if one were to get up, it would be years before there was a result.
A comp upgrade in a few weeks and I’m happy to cut my losses.

QF will be put through the wringer but not expecting any significant comp. 12mths of Equifax from Optus was warm and fuzzy but not particularly useful in the end.
 
In my opinion, this is just not good enough.

There need to be serious penalties for companies failing to protect private data, as have been introduced in the UK a number of years ago.

I don't really care about the Qantas data leaked, if someone is able to access Qantas accounts, spend/steal points etc there would be uproar if Qantas did NOT provide restitution (return to the previous balance).

What I DO care about is my name, date of birth, phone number, residential address, etc etc etc being leaked.
I can't just change them.
I will be at increased risk - permanently - from their mistake.

Leaking credit card data would be better and yet they keep "reassuring" me that no credit card data was leaked. Despite the fact that I can get a new credit card in about 3 days.

They keep talking about how their systems are secure now. I couldn't care less what they are like now - have they ever heard about closing the stable door after the horse has bolted?

It all just smacks of minimisation, lip service, and "too bad so sad" followed by them moving on.
Compensation doesn't change the fact that they have seriously let their customers down - but nor has it been offered - it just seems like they are hoping it will go away and no-one will kick up a fuss.

Disgusted

This. A million times this.
 
I also have been getting a lot more spam emails and phone calls recently. And I haven't been involved in the QF security Breach.
I do monitor my email addresses and know my main account has been put on the dark web at least a dozen times. I think people are kidding themselves if they think some of their personal info isn't out there.
 
A comp upgrade in a few weeks and I’m happy to cut my losses.

QF will be put through the wringer but not expecting any significant comp. 12mths of Equifax from Optus was warm and fuzzy but not particularly useful in the end.
I’m surprised they haven’t offered Equifax yet but maybe they will
 
A civil case will take a while, it’s been 3 years and still going through the stages with the Optus breach. No doubt QF will be watching super closely however.

Let’s see how cosy the relationship will be here with Canberra compared to Optus. Government was pretty hostile with Optus and its breach, they seem super quiet here on the QF front however.

Continued large scale fines here be it illegal behaviour, now breaches, is really unacceptable for shareholders and a full review of the business should be undertaken including removal of executives and board members. What else will QF be fined for in the future? They always come across to me as sorry, but not sorry. This should really have sent VH packing but it won’t.
 
This is quite serious. If we do up a simple Venn diagram of how much of the general Aust population are QFF members (with key details exposed), and then presume that a vast majority of Aust residents have CommBank accounts, that should be plenty to work off (as a simple example).

From a security perspective, scammers have been using AI more to upscale their brute-force attacks and it does not take a lot of effort to datamatch this against primary ID already exposed. Some banks have simpler 2FA which can be circumvented by port porting, and that's the clean sweep.

Take the focus away from FF points and think about how your overall exposed data can be weaponised against you right now...
 
I've not reached preservation age yet - can super accounts/SMSF's be drained using the key 9 points of data and/or similar social-engineering methods as Manila?

Good to see some folks can still make light-hearted jokes about bingo at this point... good luck all 🥸
 
