QANTAS Cyber Incident

[RooFlyer]

So if you’ve opted out for marketing emails, you’re deemed also opted out for receiving emails that your data has been breached?

 

[Pushka]

So if you’ve opted out for marketing emails, you’re deemed also opted out for receiving emails that your data has been breached?

Not sure. This is my profile. Surely this should have been enough? Although I guess being hacked is not a benefit

 

[prozac]

Based on our investigation, we can confirm this includes your information below:

• Name
• Email
• Phone
• Gender
• QFF Number
• Tier
• Points balance
• Status credits
• DOB
• Address

Snap for me. Fortunately not my driver's license.
Really, very disappointed in how Qantas are handling this. Extra PO'd they enabled it to happen in the first place.

 

[Aeryn]

Not sure. This is my profile. Surely this should have been enough? Although I guess being hacked is not a benefit

I think fact that you are opted out of News & Offers is the problem.

 

[Pushka]

I think fact that you are opted out of News & Offers is the problem.

That's pretty ridiculous when it comes to hacks.

 

[Aeryn]

That's pretty ridiculous when it comes to hacks.

Not saying its sensible but is my best guess. Im pretty sure that is the same preference that makes sure you get DSC offers.

 

[DejaBrew]

So if you’ve opted out for marketing emails, you’re deemed also opted out for receiving emails that your data has been breached?

It's of course possible, but I would consider these comms to be "service communications" and hence transactional. I would expect Qantas to see it in a similar way. They should be ignoring opt-outs and unsubscribes. They would easily pass the "reasonableness" test in terms of whether it's fair and reasonable that a customer would expect to be contacted with this information regardless of their subscription preferences.

 

[Quickstatus]

Like you I've not received ANY email from Qantas. I just checked this while logged in :

Ive only had one email
checking the details - Im same as you

 

[RooFlyer]

It's of course possible, but I would consider these comms to be "service communications" and hence transactional. I would expect Qantas to see it in a similar way.

Apologies; my weakness for being facetious showing through.

No system is perfect I suppose but God knows why some people are missing out on the emails about the data breach.

It looks like Qantas is now in 'lets forget about it and move on' mode as far as it’s ~6 million breached members are concerned.

 

[Pushka]

Apologies; my weakness for being facetious showing through.

No system is perfect I suppose but God knows why some people are missing out on the emails about the data breach.

It looks like Qantas is now in 'lets forget about it and move on' mode as far as it’s ~6 million breached members are concerned.


View attachment 461339

If their estimates of 6million affected were based on the number of emails sent out then in reality that’s inaccurate and the numbers are potentially their complete membership group.

Post automatically merged: Yesterday at 12:15 PM

Not saying its sensible but is my best guess. Im pretty sure that is the same preference that makes sure you get DSC offers.

I get those.

 

[Quickstatus]

God knows why some people are missing out on the emails about the data breach.

Qantas = consistently inconsistent or inconsistently inconsistent?

 

[RSD]

It looks like Qantas is now in 'lets forget about it and move on' mode as far as it’s ~6 million breached members are concerned.


View attachment 461339

Pretty much.

What data breach?

 

[OATEK]

I'm still on the first email

If you log in to your account , then go to Profile / Cyber Incident Review it will have the final aggregated impact for you account.

I think fact that you are opted out of News & Offers is the problem.

I think lots of variations here. I received first email (3 x data items leaked), then nothing. I log in and its the full monty except passport #.

 

[SYD]

I think lots of variations here. I received first email (3 x data items leaked), then nothing. I log in and its the full monty except passport #.

PP# (nor DL), nor QFF PIN, nor payment details were hacked according to the list issued by QF.

 

[Dvg]

Snap for me. Fortunately not my driver's license.
Really, very disappointed in how Qantas are handling this. Extra PO'd they enabled it to happen in the first place.

I’m of the opinion Qantas is just sitting on their hands waiting for it all to go away. MSM has completely dropped off the story.

Post automatically merged: Yesterday at 1:40 PM

Qantas = consistently inconsistent or inconsistently inconsistent?

There are known unknowns and there are……….

 

[Aeryn]

I’m of the opinion Qantas is just sitting on their hands waiting for it all to go away.

Definitely as they didn't offer anything helpful like free credit monitoring nor any points/SC apology.

 

[blackcat20]

In today's email

We’d like to once again acknowledge the recent cyber incident and sincerely apologise that this occurred. Since the incident we have put additional security measures in place to further restrict access and strengthen our system monitoring and detection.

Our primary focus continues to be on supporting you and keeping your data safe. You can keep up to date via our dedicated webpage qantas.com/cyberincident or call our dedicated support line on 1800 971 541 or +61 2 8028 0534 for access to specialist identity protection advice and resources. Information on cyber safety and advice on scams is also available at qantas.com/cyber.

 

[GrahamBRI]

No system is perfect I suppose but God knows why some people are missing out on the emails about the data breach.

I am in no way supportive of Qantas. This has been am abysmal response here!..... but my deductions with respect to the inconsistent emails (reviewed across 5 accounts that I manage) is that emails were sent to the email address that was used, in the actual interaction with the Manila call center (or frequent flyer email/ contact forms) at the actual time of the transaction. Which in my cases, was not always the email address associated with the accounts I manage. So I got some emails with breach information that were never directly associated with the frequent flyer account, but to the email I used in the interaction.
So I am guessing that the online version, of what data was hacked, is a reverse lookup of their database (indexed by email address) and is identifying hacked information associated with the frequent flyer account and not with the email address used in the interaction.
Theory only, but holds true for me. (If true, it would mean I also got emails sent to addresses I no longer have)

 

[VPS]

In today's email

so do you think if I call them they will pay for credit monitoring

 

[lovestotravel]

Apologies; my weakness for being facetious showing through.

No system is perfect I suppose but God knows why some people are missing out on the emails about the data breach.

It looks like Qantas is now in 'lets forget about it and move on' mode as far as it’s ~6 million breached members are concerned.


View attachment 461339

They never were going to care, and now it's out of the media cycle, it's done and dusted and up to the consumer to worry