QANTAS Cyber Incident

[SYD]

To be honest, as one of those who received a follow-up email to the same email address advising a smaller set of breached data, I'm wondering whether it's more a case of that I fall into the bucket of customers who received initial advice of a "small" breach, and then were subsequently informed that even more of their data was breached. However, as a result of email batching / poor timing / mix-up /etc, I received the emails in the opposite order to how they were meant to have been sent/delivered. I'm otherwise not sure why I would be receiving two different emails to the same email address given I don't have QBR, don't share my details with anyone else, have never had another FF account and can't think of any other valid reason for having a "second" profile if it's all based around unique email address.

What does your online account show? A superset containing the items in both emails?

 

[RooFlyer]

However, as a result of email batching / poor timing / mix-up /etc, I received the emails in the opposite order to how they were meant to have been sent/delivered.

I think everyone, or most here received them in the same order as you.

* 1st e-mail advised of breach
* 2nd e-mail gave the small (issued early) to large (issued later) breach lists
*3rd e-mail with the 3-only data types

I'm otherwise not sure why I would be receiving two different emails to the same email address given I don't have QBR, don't share my details with anyone else, have never had another FF account and can't think of any other valid reason for having a "second" profile if it's all based around unique email address.

Thats the magic question

 

[DejaBrew]

What does your online account show? A superset containing the items in both emails?

Both emails mentioned Name, Email address and Phone number, and my online account shows the superset of fields per the original notification email (i.e. 9 out of 11 possible data points).

 

[equus]

maybe lost baggage or something

That would make sense. I have had lost (actually delayed) baggage, and got the extra email, +1 has been luckier, not lost any bags, and didn't get the extra email (although we both got the full card less meal preferences which we haven't set).

 

[docjames]

Well on the bingo card posted earlier up thread,they got basically everything on me. Not sure that would be “winning”……

Interestingly mrsdoc got the last (3rd) email and had slightly less data breached, but neither of the first two. The mindocs got zero emails.

Most of my stolen info is fairly findable, but the DOB is the one that really stings as that isn’t publicly available and has the potential for most harm. It’s also annoying as it’s a number of things i can’t really change without major PITA like email, home address, mobile no, DOB (!). Happy for them to know my FF status and points balance. And unable to have travelled without having provided this info so my choice was no travel and protect info, or yield info and travel. Vexed position.

I’m dubious how they know specifically who lost what (how sure are they……) but we’ll never know that.

I suspect Qantas are now just hoping everyone moves on and it all goes away without costing them a fortune. Suspect that will be the reality up until someone or a group of individuals suffers a loss, then it will be significantly more complicated. Having been subject to a home break-in with document theft and identity fraud (cash withdrawn from a bank branch a few days later on signature……), the loss of info (especially the DOB), gives me a pretty sick feeling.

 

[Comoman]

And the QF share price climbs above $11 today - clearly the markets aren’t concerned about the impact on customers!

 

[Daver6]

And the QF share price climbs above $11 today - clearly the markets aren’t concerned about the impact on customers!

Unless it impacts profit, then no. The market doesn't care.

 

[I love to travel]

Update on their website talks about an injunction to stop data being released

 

[Daver6]

Update on their website talks about an injunction to stop data being released

Oh yes. I'm sure criminals will abide by that ruling since they also followed the law about not stealing....

 

[Pushka]

Update on their website talks about an injunction to stop data being released

Tell ‘em they’re dreaming.

 

[I love to travel]

Oh yes. I'm sure criminals will abide by that ruling since they also followed the law about not stealing....

I was wondering whether the media has hold of lists, CL members etc and the injunction was about the media publishing?

 

[Daver6]

I was wondering whether the media has hold of lists, CL members etc and the injunction was about the media publishing?

I'm very far from a legal expert, but I would have thought using stolen data for any purpose would already be illegal?

 

[MEL_Traveller]

I was wondering whether the media has hold of lists, CL members etc and the injunction was about the media publishing?

There might be one or two outliers on the CL list that the media isnt aware of… otherwise it wouod be pretty mundane I would suspect… all the usual people will be on there, so no real surprises. Perhaps interesting if someone said they had renounced their CL membership, but hadn’t!

 

[DejaBrew]

Oh yes. I'm sure criminals will abide by that ruling since they also followed the law about not stealing....

How dare you bring logic into this argument!

 

[I love to travel]

Oh yes. I'm sure criminals will abide by that ruling since they also followed the law about not stealing....

Exactly - so why did Qantas do it. Must have had a reason, maybe it was as vanilla as we are doing it so it looks like we are doing something. Waste of the courts time if that is the case

 

[dajop]

From +63 938 766 5669:

Action Required: Unusual activity has been detected in your ANZ bank account To ensure te safety of your funds please cick the followng link to verfy:

https://anz-newlog.live/

（Reply Y and reopen this message to click the linkor,or copy it to your browser）

This came to my Singapore mobile number but the phishing scam seems to be targeting an Australian audience (ANZ sold its retail operations here years ago). Also as far as my Australian accounts go - Qantas is I think the only one linked to my SG number. It could be a coincidence, but I suspect not.

 

[Hadun]

it all goes away without costing them a fortune

Bloody hope not, I realise others here have joked about getting compensated with points or status but would it really kill them to issue us with new numbers at the very least? Not to mention if this all blows over as is then has it actually cost them anything apart from maybe staff overtime? I mean the help they've offered are all free or gov resources right?

 

[Flyingwombat]

Called the so called helpline today - they have released all my info... I asked for payment of credit monitoring. She didn't know what I was talking about and doesn't work for Qantas. I've now lodged a complaint with Qantas. Terrible that they are not doing the basics. I look forward to a class action.

 

[MEL_Traveller]

Bloody hope not, I realise others here have joked about getting compensated with points or status but would it really kill them to issue us with new numbers at the very least? Not to mention if this all blows over as is then has it actually cost them anything apart from maybe staff overtime? I mean the help they've offered are all free or gov resources right?

I don’t want a new number for my FF account!

And I’m not sure they can do anything with the FF number alone, except a scam text or email. Hopefully most people can avoid those!

 

[Aussietraveller86]

Oh yes. I'm sure criminals will abide by that ruling since they also followed the law about not stealing....

Its more to stop legitimate organisations (i.e. news outlet, etc) from publishing or referencing any data.