QANTAS Cyber Incident

[Pushka]

Telling us our data is on the dark web is not that helpful though - we can all assume it's there in one form or another. It's what do we do with that information.

It means we know as opposed to assume, which makes it evidence if someone is signed up for the class action.

 

[VPS]

I got a similar email from Equifax today, although my paid subscription has expired so it didn’t say what the data was.

I didn't get anything from them and my subscription expired last month. Waiting for Qantas to give me another year

 

[cove]

Norton say we are on the dark web on account of the Qantas hack.

 

[bussyboy]

So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on

 

[justinbrett]

So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on

No, Norton is American.

Australian courts do not have jurisdiction.

 

[kookaburra75]

So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on

They've just complied with the letter of the law, as they haven't done anything with the data. All these large companies maintain databases to identify vulnerabilities and who of their existing customers might be at risk i.e. create more value for their product. It's just a pity that valuable services like 'Have I Been Pwned' have to err on the side of caution.

And I'll be ready to move on, once I am satisfied with the price Qantas will pay i.e. fine, is commensurate with their failing in this matter. Then the executive management might start thinking about something other than themselves.

 

[Horatio]

Norton say we are on the dark web on account of the Qantas hack.

I got the same Dark Web notification from Norton this morning.

 

[Q Class Plebeian]

Not sure if it's a scam but like you @Q Class Plebeian have been "signed up" and subsequent emails

Also received an email about Club Med registration, so far all related to travel and has to be related to the QFF leak.

 

[MEL_Traveller]

No, Norton is American.

Australian courts do not have jurisdiction.

They may do if Norton is carrying on business in australia, which it does.

Foreign companies are not immune to prosecution in Australia if they breach local law.

 

[Flyfrequently]

Also received an email about Club Med registration, so far all related to travel and has to be related to the QFF leak.

Not sure if it is related @Q Class Plebeian but got Club Med as well - have unsubscribed.

 

[TheCollecter]

Not sure if it is related @Q Class Plebeian but got Club Med as well - have unsubscribed.

If a hacker emails you, and you hit unsubscribe... (sorry to be the one) but you just told them it is a valid email address that someone reads and cares about

 

[ausfox]

You can block the source address/phone number.

 

[Spacetravel]

So I decided to call the Qantas cyber incident number to discuss the situation and see what the current position is/ what to do about it.

I'm 99.99% sure I got Hobart when I called (fairly sure I have spoken to this rep previously for help with a booking which was a good experience).

However for this, the rep was pretty blasé about it. Mentioned the information was due to a 3rd party system they store their information in. Just said yeah pretty much everyone including themselves were affected and the information taken wasn't much different to what other companies have anyway, then referred me to ID care and said I could pay for identity protection myself if I wanted to. I asked if Qantas would pay for the service, they said the service they are providing is referring to ID care. I let them go and did the ID care thing.

The list in my account of what information has been taken is pretty much every single point of personal identity besides my password and credit card details. While I accept the unfortunate fact that most of this information of mine has already been leaked by other organisations (Optus + some others) I still don't think it diminishes the seriousness of the matter.

Also after already going through the process of changing what I can after the Optus breach, now the Qantas one has provided a "current" list of our information.

While the situation is unfortunate and I have worked for a company that has experienced the same thing occur, it doesn't feel like Qantas is taking it seriously. It just feels like a "sorry we got robbed of your information but it isn't really our fault and it really isn't that bad". I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection.

I will use the feedback form and request 12 months identity protection.