QANTAS Cyber Incident

[Kefci2000]

Anyone else get 2 emails? On that said virtually nothing was taken and one that said almost every thing was taken except CC details?
Unbelievable!

 

[prozac]

As I have said your emails are exceedingly likely to be on the dark web. You can use the free site HaveIbeenPwnded to see. Here is my report.
View attachment 457154

I have a paid access as well and it says 12 times plus names the incidents. Half I was not aware of.

So I am in agreement with @justinbrett .

Zero so far for me across a couple of emails.

 

[Peregrine]

It's not valid to proclaim "It's not damaging for me, therefore it's not damaging for anyone".

Totally agree. Many people expect privacy for legitimate reasons - eg public officials like judges, police, politicians, people in the media subject to unjustified harassment victims of domestic violence. This is way laws are enacted to protect privacy. The release of addresses is totally unacceptable.

 

[jimmy hutspah]

Anyone else get 2 emails? On that said virtually nothing was taken and one that said almost every thing was taken except CC details?
Unbelievable!

yeah WTH is going on with that? was the second a legit QF email? This is a total coughshow.

 

[Horatio]

I scored 9 points on the full header email but only 3 on the lesser one which arrived after the big one. Go figure.

Same here. I received the first one yesterday evening, addressed to 'Dear Horatio', with 9 points including DOB (same as @DejaBrew's initial bingo card). Then an hour later, addressed just to 'Dear Qantas Customer', with only 3 points (name, email, phone). Both to the same email address - and the only current one I have listed with QF. Any other email addresses are long gone.

It was the same header on both: 'Confirmation of your details impacted by the cyber incident'. The first was from Qantas Frequent Flyer, and the second from Qantas Airwqays Ltd.

Yesterday afternoon my wife was told she scored 8 points - DOB not part of it. She hasn't received a second message to date.

 

[Horatio]

Meanwhile, S&G’s Optus CA is still out there - somewhere….

Indeed - and I just checked the first time I received an email from Maurice Blackburn about the Medibank breach action. It was Feb 2023.

 

[justinbrett]

yeah WTH is going on with that? was the second a legit QF email? This is a total coughshow.

It says you’ll get an email for each record.

The big one for me came from QFF, the second one with only three fields came from Qantas Airways Ltd.

 

[PineappleSkip]

I seem to have excelled at being pwned. This looks particularly unlucky.

 

[There'sOnlyOneJimmy]

A CEO, Platinum member friend has received the QF email and his passport number was included.
Qantas is using South African call centre to answer questions. They can’t answer questions as they are just reading from a script. Lawyers have been called in.

About to get serious apparently. That is lawyers v Qantas.
Sounds like another Optus.

Am I correct in thinking that this is the first report of a Passport Number being included in the breach?

(I had a look over the last few pages & couldn’t find any other)

 

[Princess Fiona]

Am I correct in thinking that this is the first report of a Passport Number being included in the breach?

(I had a look over the last few pages & couldn’t find any other)

Correct this third hand account is the only one we have had reported here.
The emails from QF all contain this

“'I’d like to reassure you that our investigation has reaffirmed that no credit card details, personal financial information or passport details were stored in this system and therefore have not been accessed.”

 

[Isolar]

Email late last night - 10 out of 11 for me.

Get a message on my iPhone this morning that someone in Malaysia is trying to login with my Apple ID. Coincidence? Promptly changed the password anyway.

 

[prozac]

Indeed - and I just checked the first time I received an email from Maurice Blackburn about the Medibank breach action. It was Feb 2023.

And if you were a fair minded person you would believe a big organsiation like Qantas would have taken action from that time to protect customer privacy from such an easy incursion. It is a great pity that Joyce and Goyder will never be held to account when they should be. Hudson was a disciple of Joyce and she should also be in the crosshairs.

 

[justinbrett]

View attachment 457162

Zero so far for me across a couple of emails.

It’s just a subset.

I only score 7 (notable ones include MGM, MyFitnessPal and T2 Tea) but there’s plenty of others I know about either directly or from other tools - such as Steam.

 

[Longtoo]

any plan for a class action yet anyone?

 

[Pushka]

As I have said your emails are exceedingly likely to be on the dark web. You can use the free site HaveIbeenPwnded to see. Here is my report.
View attachment 457154

I have a paid access as well and it says 12 times plus names the incidents. Half I was not aware of.
So I am in agreement with @justinbrett .

Not sure how accurate that one is. I was part of the Optus scam and that doesn't appear. It's also strange it shows as appearing in multiple websites I've never used my email address.

 

[Greg555]

Anyone else get 2 emails? On that said virtually nothing was taken and one that said almost every thing was taken except CC details?
Unbelievable!

Yes, two emails only an hour apart. As you say, the first saying just name, address, email and phone number. The second with all previous PLUS QFF number, Tier, points balance, SC balance, DOB, Gender and prefered pronouns.

They don't even know what is going on in there own systems...

This is BAD....VERY BAD now. They have all the info required for someone to identify as me on a phone call...

Why aren't we getting subscription support to a cyber security monitoring company?

Hudson must Go!!!!

(joking about the prefered pronouns - however no doubt they will soon be introduced by Qantas...)

 

[drron]

Mrsdrron got a second QF email an hour after the first with only 3 items. It was from Qantas Airways, the first was from QFF as has been said up thread.

 

[iflyineconomy]

Sort of off topic but I know there are some super tech savy people here.

How do you manage your passwords? Do you use a password manager? If so what's worth looking into for a very non tech savy person. It's overwhelming the amount of passwords we use daily, I struggle to keep up.

 

[CaptainCurtis]

Sort of off topic but I know there are some super tech savy people here.

How do you manage your passwords? Do you use a password manager? If so what's worth looking into for a very non tech savy person. It's overwhelming the amount of passwords we use daily, I struggle to keep up.

I use 1Password, as we use it at work and get a free personal account. Integrates quite well with my iPhone and Mac.

I've changed all my passwords to essentially be random strings, and they're all stored in 1Password. Quite a weird concept not actually knowing your passwords, but you get used to it.

 

[AuSammy]

Sort of off topic but I know there are some super tech savy people here.

How do you manage your passwords? Do you use a password manager? If so what's worth looking into for a very non tech savy person. It's overwhelming the amount of passwords we use daily, I struggle to keep up.

I use BitWarden. Seems to work fine

[i have way too many accounts to remember all the passwords & even sometimes the login ID]