QANTAS Cyber Incident

[Quickstatus]

Didn't get any email. Must be OK. Or maybe they already KWIA and there is nothing else to steal?

 

[MooTime]

QF tell us to watch out for fake emails.

How about they themselves watch out to protect their clients personal information at the weakest part of the company, if a poll was held Manilla by a long way.

Look in your own backyard Qantas FFS.

 

[offshore171]

It’s the DOB that’s being handed on a platter, with address and phone and email.

And it’s one thing that can’t be changed.

QF can issue fresh FF numbers.

After the Optus hack, SNSW gave out new Drivers Licence ID’s to affected persons, making the stolen data much less useful to bad actors.

But a DOB can never be changed. If an organisation leaks that, they should be hauled over the coals.

But they won’t be, because every senior judge, every politician and every senior regulator is in on the Chairman’s Lounge grift.

 

[justinbrett]

And it’s one thing that can’t be changed.

QF can issue fresh FF numbers.

After the Optus hack, SNSW gave out new Drivers Licence ID’s to affected persons, making the stolen data much less useful to bad actors.

But a DOB can never be changed. If an organisation leaks that, they should be hauled over the coals.

But they won’t be, because every senior judge, every politician and every senior regulator is in on the Chairman’s Lounge grift.

The key difference is Optus leaked both licence numbers and DOB.

 

[OATEK]

The key difference is Optus leaked both licence numbers and DOB.

What is important here is that QF allowed the data to be stolen through their cost-cutting offshoring exercise, and we are just lucky that (at present) we do not need to provide driver's licence information for our booking transactions, or it would also have been stolen.

 

[justinbrett]

What is important here is that QF allowed the data to be stolen through their cost-cutting offshoring exercise, and we are just lucky that (at present) we do not need to provide driver's licence information for our booking transactions, or it would also have been stolen.

Same thing could have happened here. Plenty of major data breaches happen onshore.

 

[bPeteb]

First data hack that actually concerns me. The info taken makes it way too easy to create new identities. Both of us have received the second email. Actually super pissed.

Am I surprised? Nope. I deal with Salesforce all of the time. A true nightmare to deal with.

IT vendors in general just get worse and worse. Catching up with email yesterday before I return to work today and our latest 'all company' vendor continues to amaze me with their ineptitude.

A major release implemented the day we headed of to Africa included the delight of no db image being created prior. When problems were identified immediately after release there was no ability to rollback. Wtaf?

No wonder I'm jumping out of this faltering plane in the next few months with a redundancy parachute on my back.

 

[Flyfrequently]

Mr Flyfrequently only general email (not that he would read it) not the specific one.

 

[Big John]

Got the 2nd email as well. I haven't talked to a call centre for 1.5 years, so there you go.

I now await the inevitable class action .

 

[Catweazle]

Not a kipper!

 

[offshore171]

The key difference is Optus leaked both licence numbers and DOB.

Sure, but as the poster I was responding to correctly observed:

It’s the DOB that’s being handed on a platter, with address and phone and email.

9 times out of 10 those are the questions I’m asked over the phone to identify myself… with Air Canada, the UK tax office, my bank…

(my emphasis in bold)

This is potentially damaging, as the data Qantas has leaked is enough for a bad actor to authenticate as "you" with other service providers. The genie is out of the bottle.

 

[lovestotravel]

I've got mine too. No significant difference from the original generic email. Emphasis is on customers to be alert for fake emails from other operators using the stolen data. Clicking on the "dedicated webpage" just took me back to the statement issued at 2:22pm yesterday (02 July). Not at all helpful, no mention anywhere yet of the much more serious prospect of other crims assuming my identity. Guess I'll have to try one of the phone support lines - wondering how long that will take ...

Why would you bother calling ? They are just going to read from a script and tell you nothing useful.

Best for anyone impacted to sign up for one of the live credit monitoring services.. However Qantas may and should offer this to anyone impacted, like what Optus did.

https://www.optus.com.au/support/cyberresponse/equifax-protect-eligibility

So you may want to wait a week or two

 

[ellen10]

Initially I thought I did not receive any email.
But now just checking my spam folder, I see two emails from Qantas.
So it seems I am part of this also.

 

[Pushka]

Why would you bother calling ? They are just going to read from a script and tell you nothing useful.

Best for anyone impacted to sign up for one of the live credit monitoring services.. However Qantas may and should offer this to anyone impacted, like what Optus did.

https://www.optus.com.au/support/cyberresponse/equifax-protect-eligibility

So you may want to wait a week or two

And be just the luck to get rerouted to the Manila call centre.

So the story this morning is that an operator in the Manila call centre allowed someone to access the data systems via a phone call. Sounds a lot of authority to be able to do that. Shame they can't use that authority to sort out issues when we call them.

 

[justinbrett]

Sure, but as the poster I was responding to correctly observed:



(my emphasis in bold)

This is potentially damaging, as the data Qantas has leaked is enough for a bad actor to authenticate as "you" with other service providers. The genie is out of the bottle.

Perhaps it’s different in Australia (those seem to be foreign examples) but all financial institutions I deal with, and the ATO, require 2FA even over the phone.

This is not the first data breach.

 

[OzzRod]

Sure, but as the poster I was responding to correctly observed:



(my emphasis in bold)

This is potentially damaging, as the data Qantas has leaked is enough for a bad actor to authenticate as "you" with other service providers. The genie is out of the bottle.

Exactly this! And in the Qantas communications so far, there is no acknowledgement of this.

 

[SeatBackForward]

We've all been Joyced again. He's the gift that just keeps taking.

Unfortunately, the rot of outsourcing started well before Joyce.

 

[Bindibuys]

I have never bothered to close my friends QFF account (emails to me - he did not have a computer) so, he has been dead for over 2 years.
We both received the 2nd email.
The data must have been collected over 2 years ago.

 

[bussyboy]

I feel that for 99.99% off the time, contact centre do not need the address of the person they're talking to, maybe a locality and country sometimes. Why did this need to be a part of that dataset?

 

[Hadun]

The QFFF number isn’t the important part… that’s easy to protect. It’s the DOB that’s being handed on a platter, with address and phone and email.

Wasn't coming at this from an ID/credit theft angle, more a small solution to close off at least one avenue of account access.

QF can issue fresh FF numbers.

After the Optus hack, SNSW gave out new Drivers Licence ID’s to affected persons, making the stolen data much less useful to bad actors.

Yeah I was part of that unfortunate cohort. Along with the subsequent one with Latitude. So name and DOB are already floating out there.

is in on the Chairman’s Lounge grift.

What were the perks offered by optus/latitude/medibank etc then lol.