QANTAS Cyber Incident

My routine during Covid was different, certainly doesn't match my routine now. No one can steal my identity knowing I bought a coffee at xyz cafe in 2020 or went to the hairdressers.

And the check-in app was run by the government, businesses registered for a QR code and you scanned it and sent your contact details with venue code, I don't think the government was selling that data. If they did then there was no DOB just a name and contact number and email; the email I used was one of the ones I use for online forums etc not one I use for important stuff.

The app came much later, and perhaps your state was different, but cafes and restaurants etc were operating their own systems (if not pen and paper) collecting the same details as the later government apps. Certainly enough to sell to scammers.

Everyone is harping on about DOB but that’s the least of my concern (you can get that from Facebook for many). It’s the increased scam calls I’m worried about and they don’t need DOB. Any company I deal with that’s worth their salt will have more protection than just asking for my DOB, that probably 20 of my closest friends know and anyone in HR.
 
I just pulled up the emails, Optus sent 3 to me in escalating severity from oops we got hacked to we may have shared your personal data, to oops we shared your license ID - please go request a new one from VicRoads.

But no I did not get any Equifax access from Optus nor a cent in compensation. Not saying that's okay, Slater and Gordon have a class action ongoing, but I couldn't let any sort of congratulations go to Optus on their handling of it, it was absolutely appalling. They lost a CEO over it.
Equifax - yep, I tried to avail myself of the access provided by Optus and the registration process just kept booting me out. I ended up paying for the service myself (~$14/mth)
 
Ok. It's the opposite then. It's safe. Otherwise we'd never get any emails for tickets etc. Which of course we do.
Different email addresses though. I get QF tickets and the monthly points update, but the email regarding the cyber attack went straight to junk/spam.
 
Different email addresses though. I get QF tickets and the monthly points update, but the email regarding the cyber attack went straight to junk/spam.
It's not in junk or spam. I simply didn't get it. I've now gone into the main domain control area and it's not there either. The safe domain name is still Qantas.
 
I'm not sure why so many are claiming the email came from a new/different Qantas email address. [email protected] has been in use for ages; if you haven't noticed it before, you must not be getting emails such as DSC offers and points statements, as they are sent from the same address.

I use Gmail. I searched my inbox (type Label:inbox from:[email protected]) and it returned a stack of emails from this year, not counting the many I've deleted or filed in other folders. See a sample below.

[Attached image: 1751588835037.png]

Gmail, Hotmail and other providers start adding certain emails to spam if you keep deleting emails from those addresses without reading first. I know Qantas spams its customers multiple times a day, but best to select and mark as read before deleting to make sure you see the important ones.

Re DOB, it's the combination of this with other details that makes other accounts vulnerable.
 
I'm not sure why so many are claiming the email came from a new/different Qantas email address. [email protected] has been in use for ages; if you haven't noticed it before, you must not be getting emails such as DSC offers and points statements, as they are sent from the same address.

I use Gmail. I searched my inbox (type Label:inbox from:[email protected]) and it returned a stack of emails from this year, not counting the many I've deleted or filed in other folders. See a sample below.

[Attachment 455244]

Gmail, Hotmail and other providers start adding certain emails to spam if you keep deleting emails from those addresses without reading first. I know Qantas spams its customers multiple times a day, but best to select and mark as read before deleting to make sure you see the important ones.

Re DOB, it's the combination of this with other details that makes other accounts vulnerable.
I just did the same and have received multiple emails from that address. That went straight to my inbox. Not spam.
 
Re DOB, it's the combination of this with other details that makes other accounts vulnerable.

Only to weak systems in which case you’ve got more to fear from them than this QF breach. Any financial institution that would accept these details without further checks should be deregistered. Every financial institution I deal with is Fort Knox.

I can’t even do my online Woolies order without 2FA.
 
Only to weak systems in which case you’ve got more to fear from them than this QF breach. Any financial institution that

Couple of things to consider.

It's not just financial institutions. It's anything.

The whole ID theft thing is incremental. They get a bit of data here, find a service that is quite weak, log into that and get some more attributes on the individual, then move to more hardened services as their "profile" gets more detailed.

The other thing they can do is data matching.

Name and DOB and other attributes from this leak can be used to match records from other datasets from other previous leaks from entirely different sources. Again this helps build a more detailed profile on an individual to potentially target.
 
Guessing they've started to see/hear about scams popping up. Noticed the info page has been updated to include this in the FAQs -:

Emails from Qantas will always come from a domain that ends in qantas.com. For example, an email from @loyalty.qantas.com is legitimate, as it ends in .qantas.com.

It is important you check the email address that the email has been sent from, not the display name. The display name can be made to look legitimate when it is not, which is why it is important to check the address the email has been sent from.

Emails from domains that do not end in qantas.com or qantas.com.au should be reported. (i.e qantas.net or qantas.biz)

If you do receive any suspicious emails, text messages or calls from someone purporting to be Qantas, you can report this via our Dedicated Support Line on 1800 971 541 or +61 2 8028 0534.


Was also interesting to hear one of the finance/economist guests talking on ABC News Breakfast this morning about the curious implications for Qantas post breach (thus far) -:
  • Stock price up 10% (and up approx. 70% for the year)
  • No talk of class actions
  • No talk of compensation
  • No real talk yet of penalties (granted that it's still early days for that)
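
Added example (not part of the original post, and not Qantas's own tooling): the sender check from the FAQ quoted above, applied to the address rather than the display name and matched on whole domain labels so that look-alikes such as notqantas.com are rejected. The sample headers and their local parts are constructed for illustration.

```python
from email.utils import parseaddr

# Domains named in the FAQ quoted above; subdomains of these are accepted.
TRUSTED_DOMAINS = ("qantas.com", "qantas.com.au")


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header.

    The display name is ignored, since the sender controls it freely.
    """
    _display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_trusted_sender(from_header: str) -> bool:
    """True if the address domain is a trusted domain or a subdomain of one.

    Matching is done on whole DNS labels: a plain endswith("qantas.com")
    would also accept look-alikes such as "notqantas.com".
    """
    domain = sender_domain(from_header)
    if not domain:
        return False
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    'Qantas Frequent Flyer <updates@loyalty.qantas.com>',
    'Qantas <info@qantas.com.au>',
    '"Qantas Support <help@qantas.com>" <help@qantas.net>',
    'Qantas <alerts@notqantas.com>',
    'Qantas <alerts@qantas.com.example.net>',
    'Qantas Security',
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = "ok" if is_trusted_sender(header) else "REPORT"
        print(f"{verdict:6} {header}")
```

The From address itself can be forged, so this check complements the receiving mail server's SPF, DKIM and DMARC results rather than replacing them.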
 
Guessing they've started to see/hear about scams popping up. Noticed the info page has been updated to include this in the FAQs -:

Emails from Qantas will always come from a domain that ends in qantas.com. For example, an email from @loyalty.qantas.com is legitimate, as it ends in .qantas.com.

It is important you check the email address that the email has been sent from, not the display name. The display name can be made to look legitimate when it is not, which is why it is important to check the address the email has been sent from.

Emails from domains that do not end in qantas.com or qantas.com.au should be reported. (i.e qantas.net or qantas.biz)

If you do receive any suspicious emails, text messages or calls from someone purporting to be Qantas, you can report this via our Dedicated Support Line on 1800 971 541 or +61 2 8028 0534.


Was also interesting to hear one of the finance/economist guests talking on ABC News Breakfast this morning about the curious implications for Qantas post breach (thus far) -:
  • Stock price up 10% (and up approx. 70% for the year)
  • No talk of class actions
  • No talk of compensation
  • No real talk yet of penalties (granted that it's still early days for that)

These scams are likely to be taking advantage of the situation rather than using the data itself. Similar to the Australia Post scams, it’s nothing to do with Australia Post just that content is more likely to trick someone.

It’s a bit too quick for the data to have already been sold on the black market and already being used by scammers.
 
These scams are likely to be taking advantage of the situation rather than using the data itself. Similar to the Australia Post scams, it’s nothing to do with Australia Post just that content is more likely to trick someone.

It’s a bit too quick for the data to have already been sold on the black market and already being used by scammers.
Sorry, I probably wasn't clear in my earlier post. I wasn't meaning to imply that the data itself was already being used, but rather as you say, there's likely been an increase in scammers taking advantage of the situation and a good chance Qantas have already started to become aware of various examples becoming more prevalent.
 
Couple of things to consider.

It's not just financial institutions. It's anything.

The whole ID theft thing is incremental. They get a bit of data here, find a service that is quite weak, log into that and get some more attributes on the individual, then move to more hardened services as their "profile" gets more detailed.

The other thing they can do is data matching.

Name and DOB and other attributes from this leak can be used to match records from other datasets from other previous leaks from entirely different sources. Again this helps build a more detailed profile on an individual to potentially target.

My point is that the focus needs to be increasing security at the access point (with 2FA etc) as the ship has sailed on data. People are focusing on the big names in the media but breaches happen all the time. I can’t tell you how many times my Steam account has been hacked.

As I said I just did my Woolies online shop and they require 2FA. If any company of substance you deal with don’t have additional checks then reconsider your relationship with them.
 
The Stock Market isn't concerned about such things, any cost associated with this incident is just the cost of doing business.
I would have thought the market would/could be concerned about brand/reputational damage and potential loss of business/revenue (akin to mass exodus from Optus post their data breach). Not suggesting the two situations are identical, but it largely seems like the initial reaction from the market and the public* has largely been along the lines of "meh 🤷‍♂️".

*not counting the many disgruntled folk posting in this thread
 
I would have thought the market would/could be concerned about brand/reputational damage and potential loss of business/revenue (akin to mass exodus from Optus post their data breach). Not suggesting the two situations are identical, but it largely seems like the initial reaction from the market and the public* has largely been along the lines of "meh 🤷‍♂️".

*not counting the many disgruntled folk posting in this thread

The Optus breach was much worse as they leaked DOB and Licence numbers.

That resulted in a lot of government change and some states like Queensland implementing licence card numbers (in addition to licence numbers).
 
Not in my state; pubs, cafes, restaurants, I think even cinemas. Don’t think you needed it for Woolies.

Plenty of small independent operators who may have needed an extra few dollars.
Woolworths had its own tracking system with QR code sign-ins unless that state gov had their own. No idea how long Woolworths kept that info.
 
I suspect that there has been a lot about what happened that has not been disclosed as yet (and may not be).

It is being represented that a scammer has tricked a call centre agent into giving up their credentials which allowed the scammer to access the system and access the data. Unless security is ridiculously lax, no front line call centre agent credentials would have the necessary access to allow mass download of data like that. They would have screen based data to a limited amount, the ability to search etc., but not to mass extract.

If it is an administrator that has been scammed, then it is not someone who would be expected to be taking calls, so a quite different scenario - and someone who should be much more aware of the implications of handing over credentials. These sorts of credentials should also have more Multi-Factor security and other restrictions applied as well.

I think that the details released are probably factual, but carefully crafted so that they lead to assumptions about the actual scenario which are not correct. The possibility of it not being a person being scammed, but rather financially induced may be more likely than other possibilities.
 