QANTAS Cyber Incident

Beano · 2025-10-14T15:34:01+1100

Worryingly I met someone whose passport number was used to create several bank accounts. He said it was associated with a Qantas account but hadn't flown with them for 3 years. He was busy trying to cancel the passport and applying for another. Should we be doing that to preempt any problems?

SYD · 2025-10-14T15:44:37+1100

Beano said:
Worryingly I met someone whose passport number was used to create several bank accounts. He said it was associated with a Qantas account but hadn't flown with them for 3 years. He was busy trying to cancel the passport and applying for another. Should we be doing that to preempt any problems?

Pretty sure QF doesn’t store PP details in your account. It could have been punched from an OTA or elsewhere.

There are a lot of travel related sites (including hotels - why?

) that allow you to add PP details….

NM · 2025-10-14T15:51:31+1100

Have to wonder if our parliamentary leaders had their mobile phone numbers compromised in the QF data leak?

Anthony Albanese's mobile phone number released online

Sussan Ley and other prominent Australians are among those whose details have been made available on a US-based website.

www.abc.net.au

PS. Yes, I know it is totally unrelated, but was interesting reading that news story immediately following reading posts in this thread

kevrosmith · 2025-10-14T15:54:05+1100

NM said:
Have to wonder if our parliamentary leaders had their mobile phone numbers compromised in the QF data leak?

Anthony Albanese's mobile phone number released online

Sussan Ley and other prominent Australians are among those whose details have been made available on a US-based website.

www.abc.net.au

PS. Yes, I know it is totally unrelated, but was interesting reading that news story immediately following reading posts in this thread

Came here to post this also. Watch how quickly things will move on this one, for sure.

And yes, wondered if their mobile numbers were released via the Qantas breach too.

RooFlyer · 2025-10-14T16:12:26+1100

Beano said:
Worryingly I met someone whose passport number was used to create several bank accounts. He said it was associated with a Qantas account but hadn't flown with them for 3 years. He was busy trying to cancel the passport and applying for another. Should we be doing that to preempt any problems?

Passport unfortunately one of the least secure documents for international travellers. Many/most O/S hotels take your passport and scan/copy the photo page at check-in (sometimes due to local govt legislation). Many actually keep hold of your passport for some hours/duration of stay. International cruises will hold your passport hostage for the duration, to ensure bills are paid.

This and other examples is why the Qantas reaction ('your points are safe') is so risible. Its not one hack and release, its when a couple of them get joined up ....

prozac · 2025-10-14T16:21:10+1100

NM said:
Have to wonder if our parliamentary leaders had their mobile phone numbers compromised in the QF data leak?

Anthony Albanese's mobile phone number released online

Sussan Ley and other prominent Australians are among those whose details have been made available on a US-based website.

www.abc.net.au

PS. Yes, I know it is totally unrelated, but was interesting reading that news story immediately following reading posts in this thread

Purportedly related to another Linkedin breach.

Seat0B · 2025-10-14T16:33:56+1100

moa999 said:
It certainly shouldn't be however as that information is relatively easily (and cheaply) found. Even more so for the wealthy who are likely to be company directors.

Well shouldn’t may be something we can agree on - but it is in reality.

MEL_Traveller · 2025-10-14T16:36:45+1100

Beano said:
Worryingly I met someone whose passport number was used to create several bank accounts. He said it was associated with a Qantas account but hadn't flown with them for 3 years. He was busy trying to cancel the passport and applying for another. Should we be doing that to preempt any problems?

Did this all happen since 3pm Saturday? That’s when the data was published.

As others have said, PP details weren’t part of the beach anyway.

Seat0B · 2025-10-14T16:37:31+1100

kevrosmith said:
Came here to post this also. Watch how quickly things will move on this one, for sure.

And yes, wondered if their mobile numbers were released via the Qantas breach too.

Catherine King (Transport Minister) revealed on ABC TV yesterday or the day before that her details had been leaked - didn’t specifically say her mobile number though.

MEL_Traveller · 2025-10-14T16:51:51+1100

So my DOB has gone out through the Vietnam airlines breach, as well.

Perhaps it’s time for institutions relying on DOB for identification to change?

SYD · 2025-10-14T17:01:18+1100

RooFlyer said:
Passport unfortunately one of the least secure documents for international travellers. Many/most O/S hotels take your passport and scan/copy the photo page at check-in (sometimes due to local govt legislation). Many actually keep hold of your passport for some hours/duration of stay. International cruises will hold your passport hostage for the duration, to ensure bills are paid.

Yep!

RooFlyer said:
This and other examples is why the Qantas reaction ('your points are safe') is so risible. Its not one hack and release, its when a couple of them get joined up ....

My QFF points are the least of my worries TBH.

Himeno · 2025-10-14T20:22:37+1100

MEL_Traveller said:
So my DOB has gone out through the Vietnam airlines breach, as well.

Perhaps it’s time for institutions relying on DOB for identification to change?

I was thinking about that.
The government health facilities (hospitals, walk in centers) always ask for DOB when I arrive and check in. They create an MRN (Medical Record Number) for each person when you first interact with them. Couldn't I just give them that number instead?

Laptop Jockey · 2025-10-14T21:06:02+1100

Himeno said:
I was thinking about that.
The government health facilities (hospitals, walk in centers) always ask for DOB when I arrive and check in. They create an MRN (Medical Record Number) for each person when you first interact with them. Couldn't I just give them that number instead?

Because 1. Literally nobody would remember it, especially if they're in a moment of reduced capacity for whatever reason, and it is also easy to miscommunicate or mishear an eight or ten digit number, which could have serious consequences and 2. Being able to use name and DOB is effectively a form of two factor authentication; there might be other John Smith's out there, but there's probably not many John Smith's also born on 01JAN75.

justinbrett · 2025-10-14T23:20:24+1100

Laptop Jockey said:
Because 1. Literally nobody would remember it, especially if they're in a moment of reduced capacity for whatever reason, and it is also easy to miscommunicate or mishear an eight or ten digit number, which could have serious consequences and 2. Being able to use name and DOB is effectively a form of two factor authentication; there might be other John Smith's out there, but there's probably not many John Smith's also born on 01JAN75.

DOB may have been a 2FA in the 80s but tech has progressed since then.

It’s a piece of distinguishing data but that’s very different to a form of authentication.

For many people I can get their full name and DOB from their Facebook profile.

QANTAS Cyber Incident

Beano

Established Member

SYD

Enthusiast

NM

Enthusiast

Anthony Albanese's mobile phone number released online

kevrosmith

Established Member

Anthony Albanese's mobile phone number released online

RooFlyer

Veteran Member

prozac

Senior Member

Anthony Albanese's mobile phone number released online

Seat0B

Established Member

MEL_Traveller

Veteran Member

Seat0B

Established Member

MEL_Traveller

Veteran Member

SYD

Enthusiast

Himeno

Senior Member

Laptop Jockey

Intern

justinbrett

Enthusiast

Become an AFF member!

AFF forum abbreviations

Recent Posts

Currently Active Users