QANTAS Cyber Incident


It is possible that some piece of data gained from the QF leak, when matched up and added to data someone may have about a given person from other leaks, could be enough to reasonably attempt access to another account.

Yes, that's exactly the issue with the Qantas data breach. None of this 'your points are safe' carp.
 
I thought that if we scroll through the 75 pages you would find that one, see Post 1094.

There were definitely screenshots of it as well on the Facebook QF Platinum Frequent Flyer page (a couple actually - made me very nervous!).
I think that post was in jest as far as I could tell.
 
I think that post was in jest as far as I could tell.
No, see also Post #1130.

AFAIK, no AFF member has reported having their PP# hacked. One 3rd hand report at that other quoted post.

Many of us have had the full Bingo card (as published by QF) or less. Not more (so far).
 
So the second email was additional to the first list, maybe overlapping and not instead of?
That’s my understanding.

My personal account had most data fields leaked. Another email relating to QBR had a subset (but unfortunately associated with another email address).

I could well have other records linked to an old work email address (that I no longer have access to), and blissfully unaware…

When I log into my personal account the list of fields accessed matches the email. It would be interesting to know if someone’s online list is different to the aggregate of info provided on one or more emails.
 
Worth logging in to check for kids under 15. Found my daughter has been breached despite not having received any emails about her at all. All Qantas comms state they will notify age 15+, nothing about those under.
 
What a difference in response. Cathay's communication to their member flyers:

Latest update: 24 Jul 2025 22:30 HKT (GMT+8)


Cathay advises there have been fraudulent activities found on some Cathay membership accounts which led to unauthorised access to personal data and theft of Asia Miles. Personal data includes personal particulars and travel details, but no credit card information was exposed.

Our preliminary investigation suggests that Asia Miles theft by unauthorised parties was the primary motivation, though the misuse of personal data remains a possibility. The unauthorised parties used valid members' credentials, some of which were found to be exposed on the internet, to log in and then fraudulently bypassed the secondary verification process to access Asia Miles in the accounts, by exploiting an issue in such process. The secondary verification issue has already been rectified and the process further strengthened by Cathay to ensure similar incidents will not happen again.

We have identified that approximately 1,000 Cathay accounts, most of which belong to Hong Kong-based members, were impacted by this incident. For the majority of the affected members, we have already been in contact with them, restored their accounts and reinstated their lost Asia Miles. We are now in the process of verifying the identities of the remaining affected members, whose accounts have been temporarily locked for security purposes. We shall contact them individually as soon as possible to restore their accounts and reinstate any lost Asia Miles.

We have reported this incident to the relevant authorities, including The Office of the Privacy Commissioner for Personal Data. We have also engaged an external expert to conduct a comprehensive independent investigation into the incident.

We would like to remind our members to stay vigilant by protecting their passwords, avoid sharing them with third parties, updating them regularly and changing to passkey authentication as an upgraded security measure. We also suggest members remain alert to phishing attempts, be cautious of any unknown or suspicious communications, refrain from opening unverified links or attachments, and remain aware of potential fraudulent activities.

We sincerely apologise to the affected members for this incident.

 
Hmmm. Name, birthday, address … it's enough for most banks I’m betting.
Some banks will ask how many sub accounts you have with them, and the balance.
So the scammer would need to know your CRN, and try to change password, and then log into your account to know how many sub accounts you have with them.
Of course, if you get a call or SMS from a bank that you do not have an account with, you will know it's a scam.
Scammer would first need to port the number, maybe that is why they aimed for Optus first, or Medibank first, or Latitude first.
Wouldn't put it past the scammers to go all in, i.e., the 4 companies, as they are all connected, all were points earning partners at one time.
If once they match the data, they would have a wide knowledge of the individual.
 
