QANTAS Cyber Incident

[SYD]

Some people got emails containing Passport Number too!

Not that we’re aware of (ie not posted here).

 

[exLXCXFF]

Not that we’re aware of (ie not posted here).

I thought that if we scroll through the 75 pages you would find that one, see Post 1094.

There were definitively screenshots of it as well on the Facebook QF Platinum Frequent Flyer page (a couple actually - made me very nervous!).

 

[clifford]

As far as has been reported,

Yes, they're the operative words....

 

[RooFlyer]

It is possible that some piece of data gained from the QF leak, when matched up and added to data someone may have about a given person from other leaks, could be enough to reasonably attempt access to another account.

Yes, that's exactly the issue with the Qantas data breach. None of this 'your points are safe' carp.

 

[blackcat20]

I thought that if we scroll through the 75 pages you would find that one, see Post 1094.

There were definitively screenshots of it as well on the Facebook QF Platinum Frequent Flyer page (a couple actually - made me very nervous!).

I think that post was in jest as far as I could tell.

 

[SYD]

I think that post was in jest as far as I could tell.

No, see also Post #1130.

AFAIK, no AFF member has reported having their PP# hacked. One 3rd hand report at that other quoted post.

Many of us have had the full Bingo card (as published by QF) or less. Not more (so far).

 

[RooFlyer]

Many of us have had the full Bingo card (as published by QF) or less. Not more (so far).

unless you take notice of the second email with an average of three data types

 

[SYD]

unless you take notice of the second email with an average of three data types

But they still aggregate within the superset published.

 

[RooFlyer]

But they still aggregate to the superset published.

so the second email was additional to the first list, maybe overlapping and not instead of?

 

[SYD]

so the second email was additional to the first list, maybe overlapping and not instead of?

That’s my understanding.

My personal account had most data fields leaked. Another email relating to QBR had a subset (but unfortunately associated with another email address).

I could well have other records linked to an old work email address (that I no longer have access to), and blissfully unaware…

When I log into my personal account the list of fields accessed matches the email. It would be interesting to know if someone’s online list is different to the aggregate of info provided on one or more emails.

 

[Quickstatus]

I'm still on the first email

 

[MEL_Traveller]

so the second email was additional to the first list, maybe overlapping and not instead of?

I think it is best to assume that the maximum amount of data, contained in either of the emails, is what was obtained.

 

[Aeryn]

I think it is best to assume that the maximum amount of data, contained in either of the emails, is what was obtained.

If you log in to your account , then go to Profile / Cyber Incident Review it will have the final aggregated impact for you account.

 

[Big John]

If you log in to your account , then go to Profile / Cyber Incident Review it will have the final aggregated impact for you account.

Thanks @Aeryn for this. Didn't know that.

 

[flyingsal]

Worth logging in to check for kids under 15. Found my daughter has been breached despite not having received any emails about her at all. All Qantas comms state they will notify age 15+, nothing about those under.

 

[ellen10]

If you log in to your account , then go to Profile / Cyber Incident Review it will have the final aggregated impact for you account.

Yes also a thanks from me @Aeryn . I didn't know that either.

 

[RB001]

Y'all must've missed post #1028...

 

[prozac]

What a difference in response. Cathay's communication to their member flyers:

Latest update: 24 Jul 2025 22:30 HKT (GMT+8)​

Cathay advises there have been fraudulent activities found on some Cathay membership accounts which led to unauthorised access to personal data and theft of Asia Miles. Personal data includes personal particulars and travel details, but no credit card information was exposed.

Our preliminary investigation suggests that Asia Miles theft by unauthorised parties was the primary motivation, though the misuse of personal data remains a possibility. The unauthorised parties used valid members' credentials, some of which were found to be exposed on the internet, to log in and then fraudulently bypassed the secondary verification process to access Asia Miles in the accounts, by exploiting an issue in such process. The secondary verification issue has already been rectified and the process further strengthened by Cathay to ensure similar incidents will not happen again.

We have identified that approximately 1,000 Cathay accounts, most of which belong to Hong Kong-based members, were impacted by this incident. For the majority of the affected members, we have already been in contact with them, restored their accounts and reinstated their lost Asia Miles. We are now in the process of verifying the identities of the remaining affected members, whose accounts have been temporarily locked for security purposes. We shall contact them individually as soon as possible to restore their accounts and reinstate any lost Asia Miles.

We have reported this incident to the relevant authorities, including The Office of the Privacy Commissioner for Personal Data. We have also engaged an external expert to conduct a comprehensive independent investigation into the incident.

We would like to remind our members to stay vigilant by protecting their passwords, avoid sharing them with third parties, updating them regularly and changing to passkey authentication as an upgraded security measure. We also suggest members remain alert to phishing attempts, be cautious of any unknown or suspicious communications, refrain from opening unverified links or attachments, and remain aware of potential fraudulent activities.

We sincerely apologise to the affected members for this incident.