QANTAS Cyber Incident

[blackcat20]

I have separate emails for Qantas and Qantas business rewards and have not had any emails to the Qantas business rewards email address yet

No QBR email here either.

 

[prozac]

As I haven't received any email at all, not even the first generic one, to be honest I rarely click on the thread anymore because it doesn't warrant my personal attention. I was in the Optus hack so did need to line up and change my 40 year old driver licence number which I knew by heart and much more impact. So really the general public have long moved on. Being hacked seems par for the course these days.

I wouldn't want to give up my drivers license number which is consecutive numbers ... and it took me 40yrs to realise it was. No, not really. MrsP just submitted a newPP application recently and I noticed her expired PP has consecutive triple numbers and one lucky number.

 

[RooFlyer]

International media are still interested

https://loyaltylobby.com/2025/07/14/qantas-hack-readers-entire-file-was-leaked/

Ouch!

 

[SeatBackForward]

Anybody else receiving text messages supposedly from AusPost or Australia Post from the Phillipines (+63) numbers?
I’ve had two in the last 48 hours.

Yes, but that had been happening long before the Qantas hack (and I was not part of the Optus/Medibank hacks).

These +63 and +64 are spoofed numbers, more than likely the scammers are in India, They'll send messages but also call you, if you answer and speak to them, the fake accent is so comical it's entertaining.

 

[Be.au]

These +63 and +64 are spoofed numbers, more than likely the scammers are in India, They'll send messages but also call you, if you answer and speak to them, the fake accent is so comical it's entertaining.

It's not really a 'spoof' as they're not even trying to pose as an Australian number.

+63 is a Philippines number, and +64 is New Zealand.

Probably 'easier'/'cheaper' than trying to acquire an Australian number these days, and hope that enough people fall for a random text.


(I regularly get calls from the 'Visa and Mastercard security department' from +64 numbers, now it's much harder to spoof +61 numbers in Australia thanks to the telcos)

 

[prozac]

Firstly I think you work for Qantas and none of my criticism is directed towards frontline workers.
My comment re lack of media attention simply reflects that 23% of the Australian population had their data hacked
from a single event and that the media don't seem to think that it is a major issue.

That's what CL does. It stifles criticism. "No CL for you !"

 

[SeatBackForward]

It's not really a 'spoof' as they're not even trying to pose as an Australian number.

It is spoofed, in that it's not a genuine called from the Philippines or New Zealand. But yes it's good that spoofing Australian numbers has become harder. I'm not entirely sure how the Telco system has been setup to allow this to happen at all, I would have assumed numbers are unique and should only ever be the value used.

 

[MEL_Traveller]

ha! If you log in to your qantas FF account and go to ‘personal information’, there’s a big red tile to click on titled ‘change your name’

 

[DejaBrew]

ha! If you log in to your qantas FF account and go to ‘personal information’, there’s a big red tile to click on titled ‘change your name’

Hasn't that always been there? Or at least, been there for a long time...

 

[Pushka]

ha! If you log in to your qantas FF account and go to ‘personal information’, there’s a big red tile to click on titled ‘change your name’

Yes but that doesn’t change your name immediately but is checked. I did this about 18 months ago. To Pushka . Joking. I added my middle name.

 

[DejaBrew]

I added my middle name.

"Pull-ka"?

 

[MEL_Traveller]

Hasn't that always been there? Or at least, been there for a long time...

Oh, it probably has, but just funny that in the current circumstance it’s giving it as an option.

 

[Dvg]

Agree. Also, whilst its optics, just the timing of Green Tier changes and raising change fees - seriously, it takes a company with a lot of gumption to make negative changes so soon after 6 million of their customers were hacked.

Also agree, however it seems to me to be standard Qantas marketing strategy “the cough has hit the fan, so let’s dump some more bad news for the suckers, oops customers” and the circus moves on…..

 

[Dvg]

Anybody else receiving text messages supposedly from AusPost or Australia Post from the Phillipines (+63) numbers?
I’ve had two in the last 48 hours.

Same here, had 5 so far.

 

[mrsterryn]

And so it begins, Telstra ID reset email (correct details )
I have no idea when I had a Telstra ID ? Perhaps from foxtel era ?

 

[Telemachus]

So I resorted to an online Customer Care form. Told them the PII that had been compromised had the potential to facilitate identity theft and related fraud and I awaited advice on practical action QF would now take to reduce the risk of that occurring. I suggested they might start by signing me up to a credit monitoring service such as Equifax Credit Protect.

Let us know if you get any response.

See the Qantas Customer Care reply received today:

Dear Telemachus,
We sincerely apologise for this incident, the concern it has caused and appreciate your understanding.
Last week, Qantas finalised emailing affected customers to advise them of the types of their personal data that was contained in the impacted system and provide advice and support.
If you have been directly impacted, you will have received an email to advise you of the types of personal data that was contained in the impacted system for you. Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may receive a separate notification to each impacted email address. Customers who had multiple records held in the impacted system may have received more than one notification.
There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.
Our analysis also confirms that no credit card details, personal financial information, or passport details were stored in the affected system. You Qantas Frequent Flyer account remains secure - passwords, PINs, and login details were not accessed or compromised.
Our dedicated support line remains available 24/7 on 1800 971 541 or +61 2 8028 0534, where our team can provide specialist identity protection advice and resources. For online assistance and resources, you can also visit Scamwatch, Cyber.gov.au and IDCARE's Learning Centre.
Whilst we empathise with your concerns, compensation is not available at this time. We recognise the uncertainty this incident may have caused and are deeply sorry.
Kind regards
Qantas Customer Care

Clearly just a generic message sent to anyone who had contacted Customer Care about the breach. It consists almost entirely of points already made in QF public statements and in the emails sent to QFF members. I think the last line saying ‘compensation is not available at this time’ is the only new information.

This QF message does not address the issues raised in the form I submitted. I didn’t request compensation! Having taken all QF-recommended steps for action by me (the customer), what I asked for was to be informed what else QF itself would now do to reduce the ID theft risk to me created by their failure to safeguard my PII.

Provision of credit monitoring, at least for those with the ‘full set’ of data fields compromised, is an obvious option that QF must have considered. Can’t say I’m surprised that they won’t be offering it – at least for the time being when specifically requested by lower forms of life such as this LTG member of QFF. So I will fund the credit monitoring myself or else extend the total ban on credit reporting I’ve put in place – when the initial 21 day validity period for the reporting ban expires.

 

[lovestotravel]

Similar to Optus it's a copy and paste reply to complaints in these situations. Except that Optus did eventually offer free credit monitoring for 12 months.

As I've said before until financial institutions and telcos you can't make a complaint to AFCA/TIO which can be escalated, and actually costs real $$ to the company you are complaining about.

You will get no-where with Qantas, they don't care.

Stop flying them if that helps

 

[sevenfourtyseven]

See the Qantas Customer Care reply received today:

Dear Telemachus,
We sincerely apologise for this incident, the concern it has caused and appreciate your understanding.
Last week, Qantas finalised emailing affected customers to advise them of the types of their personal data that was contained in the impacted system and provide advice and support.
If you have been directly impacted, you will have received an email to advise you of the types of personal data that was contained in the impacted system for you. Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may receive a separate notification to each impacted email address. Customers who had multiple records held in the impacted system may have received more than one notification.
There is no evidence that any personal data stolen from Qantas has been released but, with the support of specialist cyber security experts, we continue to actively monitor.
Our analysis also confirms that no credit card details, personal financial information, or passport details were stored in the affected system. You Qantas Frequent Flyer account remains secure - passwords, PINs, and login details were not accessed or compromised.
Our dedicated support line remains available 24/7 on 1800 971 541 or +61 2 8028 0534, where our team can provide specialist identity protection advice and resources. For online assistance and resources, you can also visit Scamwatch, Cyber.gov.au and IDCARE's Learning Centre.
Whilst we empathise with your concerns, compensation is not available at this time. We recognise the uncertainty this incident may have caused and are deeply sorry.
Kind regards
Qantas Customer Care

Clearly just a generic message sent to anyone who had contacted Customer Care about the breach. It consists almost entirely of points already made in QF public statements and in the emails sent to QFF members. I think the last line saying ‘compensation is not available at this time’ is the only new information.

This QF message does not address the issues raised in the form I submitted. I didn’t request compensation! Having taken all QF-recommended steps for action by me (the customer), what I asked for was to be informed what else QF itself would now do to reduce the ID theft risk to me created by their failure to safeguard my PII.

Provision of credit monitoring, at least for those with the ‘full set’ of data fields compromised, is an obvious option that QF must have considered. Can’t say I’m surprised that they won’t be offering it – at least for the time being when specifically requested by lower forms of life such as this LTG member of QFF. So I will fund the credit monitoring myself or else extend the total ban on credit reporting I’ve put in place – when the initial 21 day validity period for the reporting ban expires.

Next stop is the OAIC now that QF has responded.

 

[significance]

I had another hack attempt on my my.gov account last night. They failed to guess my password, but I wonder if they were trying to use the Qantas leaked data as a starting point. Anyway, I have switched off password access and enabled a passkey for my.gov.au

 

[There'sOnlyOneJimmy]

I had another hack attempt on my my.gov account last night. They failed to guess my password, but I wonder if they were trying to use the Qantas leaked data as a starting point. Anyway, I have switched off password access and enabled a passkey for my.gov.au

Also consider using the government issued “myID” Authenticator App.