QANTAS Cyber Incident

...

And I am still waiting for my "drip feed Friday" email to see if I trump his 8.
Ditto - I've been in touch with Manila a lot due to QFF's screwy systems (thanks Green Tier!) so I'm expecting to have more or less a complete sweep (no meal preferences and an incorrect DOB will reduce the impact, but even so...)
 
A bizarre suggestion in response to a data breach.

Helpful for those in the witness protection program though!
Technically not impossible? I mean I could change to my married (my husband's name) and vice versa
Never did, due to documentation in my only name
Though on a trivia note many many years ago, probably 45 plus years ago, I was living with someone and we were briefly on social security as a couple, and they actually gave me an identity with his surname. So I suppose somewhere in the system I do have a different surname?
 
Email at 10.19 this morning. Not ideal Qantas...

Address
Name
Email address
Qantas Frequent Flyer number
Tier
Points balance
Status Credits
Date of birth
Phone number
Gender
 
Same 10/10 for me

I wonder if Qantas will now ask for a join date as a security question now that all questions are out.
Not that it really makes any difference, but I believe there have been at least 11 categories of data reported as breached. I had 10 listed in my received email, but did not have Meal Preference included, so that makes 11 categories.
  1. Address
  2. Name
  3. Email address
  4. Qantas Frequent Flyer number
  5. Tier
  6. Points balance
  7. Status credits
  8. Date of birth
  9. Phone number
  10. Gender
  11. Meal preference
So mine was a scope of 10 out of 11 :(.
 

Unusually busy morning for me. Just checked email & notification received 0930 today covering 10/11 categories. No Meal Preference recorded. Sigh.

Edit: Lat34+1 email received 1010 today:

Address
Name
Email address
Qantas Frequent Flyer Number
Tier
Date of Birth
Phone number
Gender
 
Once again, want to be clear I'm not trying to defend Qantas here. Apart from anything else, I'm still awaiting the 3rd email which suggests I've hit the jackpot (no meal preference on file though, so I already know that I won't be yelling out "BINGO!"), but....

Another school of thought on this is that it would likely be faster to identify customers with minimal data loss (e.g. if they had minimal info on file in the system of record, then you're going to know quick smart that they only had a small subset of fields leaked). Conversely, it will likely take longer to determine the (full) extent of the leak for customers with more data points on file. If this is in any way close to the reality of Qantas' / CyberCX's investigations, then it stands to reason that Qantas would - and should - communicate out to those minimally impacted customers as soon as practically possible in order to assuage their concerns. No need to leave them waiting on tenterhooks whilst they keep digging into the worst case scenario breaches for other customers.

I honestly don't see any way in which Qantas comes out of this comms exercise with glowing reviews from all customers? It's basically a case of one group of FF members arguing "...I'm more heavily impacted so you should have communicated to me earlier instead of pushing a "nothing to see here" agenda with those who had nothing overly meaningful leaked" vs another group of FF members who would be arguing "...why did you keep me waiting and worrying for so long before telling me I was on the lower end of the impact scale?"

Communicate to all at once and (some) customers will have issues. Communicate to subsets of customers at different points in time and/or differing orders of severity and (some) customers will vehemently disagree with the approach. The way I see it, I don't think there's much they could have done* that would not have been viewed with cynicism, frustration, anger et al.

* other than avoid a data breach in the first instance
I do get all of what you’re saying - no matter how they do it they won’t please everyone. Unfortunately, Vanessa Hudson went out and said they are prioritising the higher impact people first. Clearly that hasn’t happened and I still wouldn’t put it past them to deliberately put out some low impact stuff early on to try and soften the blow.

What compounds the insult to me is their so-called support which I’ve recounted above and others are experiencing is worse than useless. It’s just a waste of our time again. But someone up in the management chain is probably telling Vanessa Hudson & others "oh look we’re providing all this care to our customers. It’ll be okay".
 
Same 10/10 for me

I wonder if Qantas will now ask for a join date as a security question now that all questions are out.
Well it's down to PIN now for a lot of us isn't it? Do with that what you feel is appropriate.

I suspect we are about to enter a time of somehow more annoying website use.
 
Unfortunately, Vanessa Hudson went out and said they are prioritising the higher impact people first. Clearly that hasn’t happened and I still wouldn’t put it past them to deliberately put out some low impact stuff early on to try and soften the blow.
And that's a very valid observation. May have been a slight case of...

[GIF: Ally McBeal]


What compounds the insult to me is their so-called support which I’ve recounted above and others are experiencing is worse than useless. It’s just a waste of our time again. But someone up in the management chain is probably telling Vanessa Hudson & others "oh look we’re providing all this care to our customers. It’ll be okay".
Yep, totally agree that aspect of the response has been far from ideal.
 
Still yet to get 2nd email.. wonder what that means.

Maybe they've also given out my blood type, travel insurance health declarations, passport numbers and the like.

For most others, I think the biggest risk is a very convincing Qantas account phishing attempt using what is now stale information.

Any other Australian organisation should be ensuring they are requiring more information than combinations of data accessible via this breach.
 
Still yet to get 2nd email.. wonder what that means.

Maybe they've also given out my blood type, travel insurance health declarations, passport numbers and the like.

For most others, I think the biggest risk is a very convincing Qantas account phishing attempt using what is now stale information.

Any other Australian organisation should be ensuring they are requiring more information than combinations of data accessible via this breach.
Still waiting on my 3rd notification. Perhaps I'm part of a "bonus round" cohort who lost that little bit extra? I'll be most embarrassed if they leaked my step count from the Qantas Wellbeing app in addition to everything else...
 
