QANTAS Cyber Incident

I got this "Here is your tax invoice" email too (once), as a P1. What the heck? The FF and QC links look legitimate apart from the fact they're not https. The PDF preview (I didn't open the PDF) has my name, address and FF #.

If this is a legitimate email, why on earth would they think links to the FF and QC T&Cs would be helpful in any way?
If not, looks like the exploitation has started for me :(
I rang the QFF service centre (dreaded Manila) this morning. Yes, the email is legitimate. They sent it last night but there's no payment taken, she assured me, to which I responded that I know, since I have not provided any card details and records for past payments, Qantas says, are not kept. I asked her to explain why they would send out an email with a tax invoice for something nobody has ordered and where no payment is due. No coherent answer.
She didn't even know why they issued a new P1 card (of course we all know in this community thanks to @Princess Fiona) when I didn't order one. So much for internal training & communication.
 
I rang the QFF service centre (dreaded Manila) this morning. Yes the email is legitimate.
Thanks for reporting back. Happy it's not a hack, but irritated at QF for this amateurish confusion. I feel like replying and quoting links to their own privacy policies and the OAIC back at them.

I can't wait for my blue card to arrive. /sarcasm
 
I rang the QFF service centre (dreaded Manila) this morning. Yes, the email is legitimate. They sent it last night but there's no payment taken, she assured me, to which I responded that I know, since I have not provided any card details and records for past payments, Qantas says, are not kept. I asked her to explain why they would send out an email with a tax invoice for something nobody has ordered and where no payment is due. No coherent answer.
She didn't even know why they issued a new P1 card (of course we all know in this community thanks to @Princess Fiona) when I didn't order one. So much for internal training & communication.
My guess… it seems they are ordering the new cards for those eligible, and did this through the regular order system. Instead of suppressing any customer email and payment, they somehow got sent out. The supplier/card printer probably takes details off the internal order system.
 
Just read that Optus is being taken to court re: their 2022 data breach by the Australian Information Commissioner.

I wonder if Qantas will be next?
 
I have changed my QFF email address to an encrypted service. Now I receive the same emails on both the encrypted service and the old QFF email address. This may simply be a time lag or perhaps Qantas does not have the capability to regulate its messaging system.
 
Thanks for reporting back. Happy it's not a hack, but irritated at QF for this amateurish confusion. I feel like replying and quoting links to their own privacy policies and the OAIC back at them.

I can't wait for my blue card to arrive. /sarcasm
 

Received the tax invoice error email too, which looks a lot more professionally formatted.

Given I'll drop from P1, a new blue card that'll last a few months will be a novelty.
 

For what it's worth, AF/KLM have also confirmed they got hit with the same attack and breached. (Along with a bunch of other companies like adidas, Dior, Tiffany, Google).
 
The AF/KLM hack has barely made the news (I guess the media have become bored of breaches) but from the details I've seen it sounds very similar to the Qantas hack:

The airlines, which share a parent company, Air France-KLM Group, did not publicly specify the types of data that were stolen but said in a joint statement that "no sensitive data such as passwords, travel details, Flying Blue miles, passport, or credit card information was stolen."
However, customer notifications circulating online noted that customer names and contact details, along with frequent flyer numbers and tier levels, and the subject lines of service request emails were accessed.
 
For what it's worth, AF/KLM have also confirmed they got hit with the same attack and breached. (Along with a bunch of other companies like adidas, Dior, Tiffany, Google).
If it’s of any interest, I received the attached email from KLM this morning.

Sounds nearly identical to the QF situation, but that more specific details about customer service interactions were impacted. I’d assume this may put PNRs, and indirectly, passport info at risk?
 

