QANTAS Cyber Incident

I got this email

Dear xx_xx_,

Recent personal account information change

We are writing to confirm that, as requested, we have updated your Name in our records. Your protection and security is very important to us. Therefore, if you did not personally request an update to your information, please call Qantas Premier Card Support immediately on 1300 992 700 (+61 1300 992 700 if calling from overseas). We're available 24 hours a day, 7 days a week. This letter has been sent solely as a security measure to authenticate your personal information update. If the update was done at your request, you don't need to take any further action and can ignore this letter.

Yours sincerely,


The Qantas Money Team

I did get through to Qantas Money; the agent says no worries, no further action needed, and to ignore this kind of email over the next few days as the fault is fixed!!!
Yep, same email but it did say if you did not personally request an update...!
 
Is it just me or is there a lot of unnecessary venom in a lot of the posts in this thread. Sh.. happens 🤷‍♂️

[yes I got both emails]
I feel the same way and like you got both. It happens, and while QF have had some mistakes in recent times, they seem to be doing lots to resolve this one.
 
Sh.. happens 🤷‍♂️

Sure it does, but doesn't the reason for it happening come into play?

Weather event affecting flights. That Sh happens, fine

Data hack due to possible poor data management/training/something in the company's control - that Sh shouldn't happen and if it does, angst, or venom depending on your tolerance for having your personal info stolen, can be understandable.
 
Is it just me or is there a lot of unnecessary venom in a lot of the posts in this thread. Sh.. happens 🤷‍♂️

[yes I got both emails]
I think it’s also due to the simple fact that Qantas has - especially in recent years - burnt a lot of the good will that customers might have otherwise afforded them.
 
"Sh happens" is actually not an excuse, and not permissible under the Act.
I’m sure it’s in there somewhere under…. umm….

 

[Vanessa Hudson] Was back in Australia yesterday but flew home on QF so had no wi fi so couldn't keep in touch. Was on last night's news.
Maybe her experience might speed up the roll out of wi fi in QF planes. But probably not.

Probably a constant stream of scribbled notes between the flightdeck receiving word on the radio and VH.

OTOH, if she flew QR with Starlink, she could’ve had a continuous video call on her phone (but may have been shushed by the FA).

I promise my name is not Joe Aston (from his Rampart column today ...)


Or maybe he gets his material from AFF ... ;)
 
they seem to be doing lots to resolve this one.

What is this lots they are doing? All they did was take 2 full days to notify impacted customers; and their CEO hid from all media for longer than that.

I see no evidence of any real action to improve security of our PII or to ensure such a breach won't happen via a 3rd party again.

Now immediately cancelling contract with the Manila based call centre or at least not routing any calls there until this has been fully resolved would have been doing something. Giving us new FF#s would have been doing something. Providing Equifax account to monitor unauthorized access would be doing something. Strengthening passwords to more than a 4 digit pin would be doing something.

A half hearted apology with no guarantees nor compensation is not doing lots. It's not even the bare minimum really.
 
What is this lots they are doing? All they did was take 2 full days to notify impacted customers; and their CEO hid from all media for longer than that.

I see no evidence of any real action to improve security of our PII or to ensure such a breach won't happen via a 3rd party again.

Now immediately cancelling contract with the Manila based call centre or at least not routing any calls there until this has been fully resolved would have been doing something. Giving us new FF#s would have been doing something. Providing Equifax account to monitor unauthorized access would be doing something. Strengthening passwords to more than a 4 digit pin would be doing something.

A half hearted apology with no guarantees nor compensation is not doing lots. It's not even the bare minimum really.

This response is a classic Dunning Kruger example, of which there are many, many in the thread.

The reality is most of us don’t know enough, to know we don’t know enough to comment.

However, having myself been through what Qantas are going through, and having dealt with the ACSC and many other agencies that Qantas have quoted, I am confident that Qantas are doing more than enough and more than they are publicly stating. Expert advice in these situations is normally to only share as much as is needed while the authorities and investigations happen.

The fact that in the next few days 6 million QFF members will know exactly which details were obtained is one example of the work that is going into this.

And for what it is worth, other than those who did the wrong thing (the hackers), everyone else involved would feel horrible about this event happening, and nobody goes to work intentionally letting things like this happen.

Be mad it happened for sure, but be mad at the rascals that did it, not the staff that are also victims.
 
I see no evidence of any real action to improve security of our PII or to ensure such a breach won't happen via a 3rd party again

The corollary is you also have no evidence they are not doing that.

You can rant as much as you like but assumptions from a distance about something none of us has access to or inside knowledge doesn’t help anyone one iota.

The common sense approach is for the company to complete their investigations and make considered decisions rather than half coughed reactions
 
What is this lots they are doing? All they did was take 2 full days to notify impacted customers; and their CEO hid from all media for longer than that.

I see no evidence of any real action to improve security of our PII or to ensure such a breach won't happen via a 3rd party again.

Now immediately cancelling contract with the Manila based call centre or at least not routing any calls there until this has been fully resolved would have been doing something. Giving us new FF#s would have been doing something. Providing Equifax account to monitor unauthorized access would be doing something. Strengthening passwords to more than a 4 digit pin would be doing something.

A half hearted apology with no guarantees nor compensation is not doing lots. It's not even the bare minimum really.

Probably no legal grounds to cancel the contract. If they stopped routing calls there, then you'd be complaining that you're waiting on hold for hours when you call QF now that capacity has just been slashed.
 
Probably no legal grounds to cancel the contract. If they stopped routing calls there, then you'd be complaining that you're waiting on hold for hours when you call QF now that capacity has just been slashed.

Seems rather illogical to cancel a contract that would have cost millions to set up with training etc and sack dozens or more because one worker got tricked by a sophisticated con man.

I mean if one of your staff clicks on a dodgy link in an email in an office in Melbourne do you sack everyone in that office?
 
Now immediately cancelling contract with the Manila based call centre or at least not routing any calls there until this has been fully resolved would have been doing something. Giving us new FF#s would have been doing something. Providing Equifax account to monitor unauthorized access would be doing something. Strengthening passwords to more than a 4 digit pin would be doing something.

A half hearted apology with no guarantees nor compensation is not doing lots. It's not even the bare minimum really.

Agree - QF have done the bare minimum, if that.

For me 12 months of credit monitoring would be the minimum, but the QF fanbois/staff on here said that would be a bad idea.....
 
The common sense approach is for the company to complete their investigations and make considered decisions rather than half coughed reaction

I've given solid examples about how they could help, there is precedence in providing free credit monitoring from other breaches. Waiting just gives the thieves more opportunities to misuse the stolen data.

everyone else involved would feel horrible about this event happening, and nobody goes to work intentionally letting things like this happen.

We can agree to disagree. I've had the displeasure of working with many individuals whose care factor taken in their job performance is really low.

At most companies IT send fake phishing emails and time and time again the same people fall for the most obvious scams and end up on the naughty list. It isn't that they don't know what to look for and check, IME they more often than not just can't be bothered to do so or don't stop and think before they act.

Be mad it happened for sure, but be mad at the rascals that did it, not the staff that are also victims.

From statements made this wasn't a hack of core systems nor anything sophisticated. If a staff member at the outsourced call centre shared their logon credentials with a caller or clicked on a phishing email or installed some software, they made a conscious choice to do so, making them one of the rascals. I'm comfortable that my anger at their negligence is far from misplaced.

Just as I feel valid being angry at the call centre operator for not having more controls in place like preventing log-in to systems off premises or outside VPN and saving PII like DOB details in their 3rd party system.

If they stopped routing calls there, then you'd be complaining that you're waiting on hold for hours when you call QF now that capacity has just been slashed.

Nope, I'd rather wait longer to speak with staff in Tas/NZ and know issue will be resolved first time than have to make multiple calls to less capable outsourced call centres. And I'd prefer they invest instead in fixing the website so less calls are required full stop.

I hope the backlash from this proves to be impetus for Qantas to upsize their own call centres and ditch the outsourced ones that have consistently provided poor customer experience. It might be cheaper to hire someone in Manila but if it takes multiple calls to have the simplest issues resolved then how much does it save in the long run?
 