QANTAS Cyber Incident

[Berlin]

Just saw on Qantas' website that they are offering "helpful tips on how to avoid being scammed online". That's really rich, coming from them. You, Qantas, it's you who got scammed because you were too stingy to properly secure OUR data (or sent it to some dodgy overseas "partner" to save a few bucks which is almost worse)! The last organisation I want scamming advice from is you! Gosh, blood pressure up...

 

[DejaBrew]

yes they’ve stopped updating because it’s all gone away now…….. as far as they’re concerned.

Was updated again on August 8th. Well.... not with anything overly consequential and still with directions to complain to someone else about your issues.

 

[MEL_Traveller]

Our household just got out first phish!!!

Qantas Frequent Flyer: Your xx_xx Award Points Expire (where xx_xx = number of points in the data breach)​

We would like to remind you that the xx_xx Rewards points in your Qantas Frequent Flyer will expire in three working days.​

Don't miss out-redeem your points today!​

https: // qantas - flyer . net / points (spaces added to remove hyperlink)​

Redeem your points for gift cards, electronics, and more.​

(Reply with "Y", then close and reopen the message to activate the link, or copy and paste the URL into Safari.)​

Thank you for being a valued​

Qantas Frequent Flyer.​

 

[GrahamBRI]

Our household just got out first phish!!!

https: // qantas - flyer . net / points (spaces added to remove hyperlink)​

Interesting,…….. That domain name that you indicate above was only created yesterday………

 

[lovestotravel]

It's okay, call IDCare they will help

 

[pretentious git]

I think fact that you are opted out of News & Offers is the problem.

I don't think so. I've never received a single email from Qantas in relation to the hack. I double checked the marketing and advertising preferences and I've opted IN to everything except "Your Qantas Money products". I've called Qantas multiple times about this and they agree its very concerning but have been unable to address it.

Apart from flight alerts I stopped receiving emails from Qantas since the breach which is odd. According to my profile, my email address is correct. I called to explain that I've stopped receiving emails and they checked and said everything is working fine. Yes I've checked spam and junk folders.

According to the "cyber incident update" section of my profile this is the data that was stolen:
"Based on our investigation, we can confirm this includes your information below:

• Name
• Email
• Phone
• Gender
• QFF Number
• Tier
• Points balance
• Status credits
• DOB
• Address
• Meal preferences"

 

[DejaBrew]

I don't think so. I've never received a single email from Qantas in relation to the hack. I double checked the marketing and advertising preferences and I've opted IN to everything except "Your Qantas Money products". I've called Qantas multiple times about this and they agree its very concerning but have been unable to address it.

Apart from flight alerts I stopped receiving emails from Qantas since the breach which is odd. According to my profile, my email address is correct. I called to explain that I've stopped receiving emails and they checked and said everything is working fine. Yes I've checked spam and junk folders.

According to the "cyber incident update" section of my profile this is the data that was stolen:
"Based on our investigation, we can confirm this includes your information below:

• Name
• Email
• Phone
• Gender
• QFF Number
• Tier
• Points balance
• Status credits
• DOB
• Address
• Meal preferences"

It's possible that Qantas' email marketing platform is blocking the marketing emails from being sent out to you for some reason. Could be a disconnect in the data sources (i.e. their Salesforce shows you as being opted in, but on their email marketing platform, you're being excluded).

 

[There'sOnlyOneJimmy]

Our household just got out first phish!!!

Qantas Frequent Flyer: Your xx_xx Award Points Expire (where xx_xx = number of points in the data breach)​

We would like to remind you that the xx_xx Rewards points in your Qantas Frequent Flyer will expire in three working days.​

Don't miss out-redeem your points today!​

https: // qantas - flyer . net / points (spaces added to remove hyperlink)​

Redeem your points for gift cards, electronics, and more.​

(Reply with "Y", then close and reopen the message to activate the link, or copy and paste the URL into Safari.)​

Thank you for being a valued​

Qantas Frequent Flyer.​

I got an almost identical one from ANZ Rewards (that I’m not enrolled in…).

 

[MEL_Traveller]

So update… the phishing text we got above is NOT related to the recent breach. Just confirmed that the number of points (around 30k) did not reflect the balance at the time of the breach…way out in fact. So this is a random and unrelated phishing attempt!

 

[OATEK]

So update… the phishing text we got above is NOT related to the recent breach. Just confirmed that the number of points (around 30k) did not reflect the balance at the time of the breach…way out in fact. So this is a random and unrelated phishing attempt!

Perhaps related in the sense that it creates opportunities for other scammers.

 

[leadman]

I don't think so. I've never received a single email from Qantas in relation to the hack. I double checked the marketing and advertising preferences and I've opted IN to everything except "Your Qantas Money products". I've called Qantas multiple times about this and they agree its very concerning but have been unable to address it.

Apart from flight alerts I stopped receiving emails from Qantas since the breach which is odd. According to my profile, my email address is correct. I called to explain that I've stopped receiving emails and they checked and said everything is working fine. Yes I've checked spam and junk folders.

According to the "cyber incident update" section of my profile this is the data that was stolen:
"Based on our investigation, we can confirm this includes your information below:

• Name
• Email
• Phone
• Gender
• QFF Number
• Tier
• Points balance
• Status credits
• DOB
• Address
• Meal preferences"

I think I'm in the same boat! I just found out, accidentally, that a new "cyber" tab was in my profile page. And it was the same message as pretentious git's quote. I've checked my spam/delete box, nothing. Called the number listed, they were pleasant, but only suggestion was to submit a request. Even Optus did better than this.

 

[amidon7]

I'll just leave this here.

 

[Be.au]

The QF pitch in public statements is that no financially sensitive details have been compromised and none of the exfiltrated PII has (yet) been 'released' by the hackers. The implication is that the risk does not justify measures such as credit monitoring even for the sub-set of customers who scored the full bingo card. I take a different view and have signed myself up for a subscription to Equifax Credit & Identity Protect.

After my identity got stolen a few years ago, I got a subscription to Equifax and kept it permanently. The peace of mind is worth every penny

Now, you can find out who may be applying for credit as it happens, not afterwards

Worth it, do it.

Can also vouch for Truyu (Truyu - a side project from CommBank Truyu - CommBank), it currently sends notifications when your documents are used for a DVS check (eg, signing up for a phone service - including prepaid, or verifying your identity with a bank) especially for things that aren't necessarily 'credit' - eg I've had alerts about my ID being used at Australia Post, National Australia Bank, AMP Bank, Telstra, Optus and Vodafone over the past year (where I've used my driver licence or Medicare card), without applying for credit so none of them appear on my Equifax, Illion or Experian credit files.

But it won't capture everything;

** The ID Usage Alert Service is not comprehensive. Importantly, you will only receive a notification if GBG has informed us that your first name, last name and date of birth have been used at an Australian merchant that is onboarded by GBG as part of our ID Usage Alert Service. As at 5 February 2025, GBG handles over 60% of online identity checks run by Australian merchants.

I got an e-mail from Truyu today about an update to their T&Cs (Terms and Conditions - Truyu) - they're adding support for Experian alerts too. (no Equifax love, sadly)

Following a successful verification, completion of your subscription account and successful record matching with Experian, you will have access to our Credit File Alert Service, provided you are eligible and have registered your details with the Credit File Alert Service.

Truyu alerts you when an enquiry is made on your Experian credit file. This service is powered by data from credit reporting body Experian regarding certain credit reporting information held by Experian. This information is delivered through the App. You acknowledge and agree that you must consider any notices or alerts you receive through the App and respond appropriately.

Once you have successfully activated your Credit File Alert Service, we will, unless you tell us otherwise, send you ongoing notifications relating to your credit file including:

• new credit file enquiries; and
• new account openings.

3 month free trial, then $4.99/month, paid in the app (so you can make use of all of those discounted / bonus points on Apple Gift Cards), month to month, cancel as you need.

(not a paid ad, just not many people have heard of Truyu before)

 

[comforttravel]

Just saw on Qantas' website that they are offering "helpful tips on how to avoid being scammed online". That's really rich, coming from them. You, Qantas, it's you who got scammed because you were too stingy to properly secure OUR data (or sent it to some dodgy overseas "partner" to save a few bucks which is almost worse)! The last organisation I want scamming advice from is you! Gosh, blood pressure up...

Yes, the Qantas website says under 'Cyber Safety . . . How to spot a scam' , "Qantas will never ask for your personal details". I've previously been told by QF that all my data has been compromised in its cyber incident.
I was expecting a refund and told (name known) from Hobart, premium line on 30-June, that it would be returned to the credit card that was used for the original booking.
As it hadn't happened, today I called again and call answered (name known) from Fiji, premium line. I was told that I needed to quote to her my credit card number with expiry date & number on back. I said I was reluctant to do so. Fiji lady again was persistent and asked again for the details. Again I said I refused to give her those details. The call ended and I was asked to conduct a short survey which I did (grrrr) and also left a very appropriate comment at the end.
I'm sure that refunds are returned to the credit card used for the original booking and the information from Hobart is correct.
No wonder Qantas customers are continually angry with Qantas asking for personal details, when their web page says " your safety is our priority , whether that's during your travel or online".

 

[Dvg]

I'll just leave this here.

This guy Chris Kohler is brilliant

 

[Cloud9]

What P***** me off is the typical Qantas response- ‘we apologised now leave us alone.’.be

You should be grateful that Hudson and her trolls know how to "apologise".

 

[prozac]

You should be grateful that Hudson and her trolls know how to "apologise".

Nah, she was criticised (by the judge) for not presenting at the trial. Same as her mentor, AJ, who bolted to Ireland with a pisspoor excuse his mother was ill just so he didn't have to lie at a government inquiry. 7&*%k!46 cowards.

 

[leadman]

I think they must be training staff on how to avoid the word "apology". JQ7 was 9hr 20min late last week, and the Captain's address, well into the flight was, quote, "Thanks for your understanding why we are late". That was it, no more, no less!!!!

 

[DejaBrew]

I think they must be training staff on how to avoid the word "apology". JQ7 was 9hr 20min late last week, and the Captain's address, well into the flight was, quote, "Thanks for your understanding why we are late". That was it, no more, no less!!!!

Did they give an explanation as to why you were delayed? If not, then that makes the Captain's announcement even more confounding.

 

[prozac]

I think they must be training staff on how to avoid the word "apology". JQ7 was 9hr 20min late last week, and the Captain's address, well into the flight was, quote, "Thanks for your understanding why we are late". That was it, no more, no less!!!!

But say, wouldn't you want to be a pilot just so you can activate the intercam and announce, "Ladies and gentlemen, I'd like to say there is no cause for alarm.", & then switch off!