QANTAS Cyber Incident

[Q Class Plebeian]

I received a few emails on the weekend welcoming me to JAL .Funny , I dont recall signing up and also there was not a membership number on any of the emails.
Assume this is one of many scam attempts in the wake of the leaked QFF details.

 

[Flyfrequently]

I received a few emails on the weekend welcoming me to JAL .Funny , I dont recall signing up and also there was not a membership number on any of the emails.
Assume this is one of many scam attempts in the wake of the leaked QFF details.

Not sure if it's a scam but like you @Q Class Plebeian have been "signed up" and subsequent emails

 

[Flyingwombat]

I received a few emails on the weekend welcoming me to JAL .Funny , I dont recall signing up and also there was not a membership number on any of the emails.
Assume this is one of many scam attempts in the wake of the leaked QFF details.

Yep - partner got a fake "unrecognized log in attempt" email from "Qantas". It had a sharp looking QF logo so he was initially wondering. The US English alerted me first and then the dodgy email address was visible... Otherwise it was a tidy looking email with no spelling mistakes and decent grammar. They are getting better at it.

 

[DejaBrew]

They are getting better at it.

Or ChatGPT is getting better

 

[VPS]

Just emailed Qantas and asked for 12 months credit monitoring. Let's see what happens

 

[JustSlash]

Just got this alert from Equifax today, wonder how do they get access to the leak info?

 

[VPS]

Just got this alert from Equifax today, wonder how do they get access to the leak info?

View attachment 476691

Do you have a subscription with them

 

[SYD]

Do you have a subscription with them

Yes, I was pondering the same.

For anyone who DOESN’T have a current paid subscription, an email like that could well be a phishing scam…

 

[justinbrett]

Yes, I was pondering the same.

For anyone who DOESN’T have a current paid subscription, an email like that could well be a phishing scam…

I got an email from Norton saying the same thing. I haven’t subscribed to Norton for at least 5 years.

The email is legit. Of course when you click the more details button it asks for you to log in and this is where they sell you a new subscription.

When I did subscribe to them I got a lot of these notifications, which is why I’m not phased about the QF leak. My data has been leaked so many times, I stopped caring.

Just got this alert from Equifax today, wonder how do they get access to the leak info?

View attachment 476691

Dark web monitoring is an advertised service of these companies.

 

[Be.au]

Dark web monitoring is an advertised service of these companies.

I assume @JustSlash meant from a legal POV due to the permanent injunction

 

[justinbrett]

I assume @JustSlash meant from a legal POV due to the permanent injunction

Both Equifax and Norton are American companies.

 

[Pushka]

Nord VPN is sending similar emails. It’s legit.

 

[JustSlash]

Do you have a subscription with them

Yeah, I subscribed the annual one after all those breach, they occasionally email if they claim to find your email on the dark web (or so they say).

I assume @JustSlash meant from a legal POV due to the permanent injunction

Yeah, you’re right ! I was referring to the permanent injunction. I thought it wasn’t accessible, so if they know now, does that mean it can be accessed?

 

[Be.au]

Yeah, you’re right ! I was referring to the permanent injunction. I thought it wasn’t accessible, so if they know now, does that mean it can be accessed?

Technically it's not legal for "anyone" - and the stolen data is prohibited to be "accessed, viewed, released, used, transmitted or published"

But unlike law abiding Australian citizens (like Troy Hunt of Have I Been Pwned), presumably the US companies don't think Qantas will go after them.

Post in thread 'QANTAS Cyber Incident'

Oct 12, 2025

Not sure if an overseas hosted site like HIBP would be necessarily bound by an Aus injunction., and in any event they are making substantial alterations to the dataset.

https://twitter.com/x/status/1974231071119344072

Doesn't look like Troy wants to get sued.

https://twitter.com/x/status/1974242070492549572

https://twitter.com/x/status/1946147495521968129

• Be.au

• 

 

[oz_mark]

Technically it's not legal for "anyone" - and the stolen data is prohibited to be "accessed, viewed, released, used, transmitted or published"

But unlike law abiding Australian citizens (like Troy Hunt of Have I Been Pwned), presumably the US companies don't think Qantas will go after them.

Post in thread 'QANTAS Cyber Incident'

Oct 12, 2025

Not sure if an overseas hosted site like HIBP would be necessarily bound by an Aus injunction., and in any event they are making substantial alterations to the dataset.

https://twitter.com/x/status/1974231071119344072

Doesn't look like Troy wants to get sued.

https://twitter.com/x/status/1974242070492549572

https://twitter.com/x/status/1946147495521968129

• Be.au

• 

I guess it depends on whether you think the rulings of an Australian court apply to you if you are outside Australia (even if you knew about the injunction)

In any case, I can't imagine it would be a good look for Qantas to go after them.

 

[justinbrett]

It's only an interim injunction anyway. I reckon any of these companies think they would be safe in any legal action because they are not being malicious, they are not spreading the data, they're just alerting customers that the data has been leaked.

I can't see any court in Australia upholding any action against them for this.

 

[Be.au]

It's only an interim injunction anyway.

It's a permanent injunction - https://www.theaustralian.com.au/br...k/news-story/8069361b063239eae635c5111294136a

In July, Qantas was granted an interim injunction in the NSW Supreme Court in an attempt to stop the data from being accessed or released.
[...]
And on Thursday, Justice Francois Kunc agreed to make permanent orders.
Justice Kunc also agreed to a six-month non-publication order over the names of the solicitors and counsel acting for Qantas in the matter.

I can't see any court in Australia upholding any action against them for this.

Justice Kunc described hacking and data leaks as a “serious societal problem” and that the number of similar applications by targeted organisations was only going up.

He said that even though the perpetrators appeared to be “beyond our reach”, it was important for the courts not to “turn its face” on the situation.

 

[Pushka]

Nord VPN aren't taking any chances with Qantas.

 

[Flyerwin]

Telling us our data is on the dark web is not that helpful though - we can all assume it's there in one form or another. It's what do we do with that information.

 

[Aggi]

Just got this alert from Equifax today, wonder how do they get access to the leak info?

View attachment 476691

I got a similar email from Equifax today, although my paid subscription has expired so it didn’t say what the data was.