I am not sure that this one is a speculation? I understand Qantas admits that data was compromised on one of its systems. That to me is conclusive that security was not appropriate. “Security” includes all layers of defence (including the human layer, the physical layer and the data layer, etc.). So just like we know the plane crashed, we know the security was breached... this (the security being breached) is not appropriate (in the eyes of their customers).
I understand the perspective, however I'm not sure it's quite so clear cut.
We can likely all agree and accept that impenetrable security is a myth. All that any individual/entity can do is to ensure that appropriate and commensurate security mechanisms and policies are in place, and then continuously and proactively maintain and enhance said mechanisms and policies in an attempt to keep pace with known and emerging threats.
If an employee or contractor fell for a vishing scam, then that's a security failure. Agreed. But the question would then be whether there was appropriate and ongoing training? If there was, then had this specific employee/contractor been trained? If so, then how long ago? These scams become more and more elaborate and convincing as time goes on, and I've certainly known very intelligent people who have fallen victim to scams that you or I might see through in an instant, but for whatever reason, they have not.
So we know the security was breached - much the same as, to your point, we know the plane crashed. However, much like the plane crash, the circumstances leading/contributing to the breach remain unclear.
The attack on the country’s biggest airline comes amid a wave of breaches at North American carriers, including Hawaiian Airlines, prompting FBI warnings.
www.afr.com
Sales Salesforce....
Thanks for sharing. Unfortunately, this is a paywalled link and even with the assistance of a 12ft ladder, I can't seem to peer over the wall to read the full article. Does it explicitly state as fact that Salesforce was the breached platform?
Unless I've missed it, this article does not reference Qantas, nor does it reference Scattered Spider (i.e. the hacking group suspected - but not yet confirmed - as being behind this breach). That being said, I acknowledge that Scattered Spider is an offshoot of a larger group known as "The Com", and that the CNN article does suggest that technical infrastructure leveraged by the hacking group to which they are referring (i.e. "UNC6040") shares characteristics with suspected ties to The Com.
Clearly insufficient training/warnings/safeguards - or it wouldn't have happened.
Isn't this tantamount to arguing that if your house is broken into despite you having installed - and used - door/window locks, a back-to-base remote monitoring alarm, security cameras etc, that you clearly didn't ensure sufficient safeguards for your home? After all, if you'd implemented sufficient safeguards, then your residence wouldn't have been broken into.
To reiterate my earlier comment, impenetrable security is a myth. And that's not for a moment suggesting that Qantas should be given a free pass on this, especially if they are found to have been lacking in their security protocols.