QANTAS Cyber Incident

[Pushka]

Telling us our data is on the dark web is not that helpful though - we can all assume it's there in one form or another. It's what do we do with that information.

It means we know as opposed to assume, which makes it evidence if someone is signed up for the class action.

 

[VPS]

I got a similar email from Equifax today, although my paid subscription has expired so it didn’t say what the data was.

I didn't get anything from them and my subscription expired last month. Waiting for Qantas to give me another year

 

[cove]

Norton say we are on the dark web on account of the Qantas hack.

 

[bussyboy]

So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on

 

[justinbrett]

So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on

No, Norton is American.

Australian courts do not have jurisdiction.

 

[kookaburra75]

So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on

They've just complied with the letter of the law, as they haven't done anything with the data. All these large companies maintain databases to identify vulnerabilities and who of their existing customers might be at risk i.e. create more value for their product. It's just a pity that valuable services like 'Have I Been Pwned' have to err on the side of caution.

And I'll be ready to move on, once I am satisfied with the price Qantas will pay i.e. fine, is commensurate with their failing in this matter. Then the executive management might start thinking about something other than themselves.

 

[Horatio]

Norton say we are on the dark web on account of the Qantas hack.

I got the same Dark Web notification from Norton this morning.

 

[Q Class Plebeian]

Not sure if it's a scam but like you @Q Class Plebeian have been "signed up" and subsequent emails

Also received an email about Club Med registration, so far all related to travel and has to be related to the QFF leak.

 

[MEL_Traveller]

No, Norton is American.

Australian courts do not have jurisdiction.

They may do if Norton is carrying on business in australia, which it does.

Foreign companies are not immune to prosecution in Australia if they breach local law.

 

[Flyfrequently]

Also received an email about Club Med registration, so far all related to travel and has to be related to the QFF leak.

Not sure if it is related @Q Class Plebeian but got Club Med as well - have unsubscribed.

 

[TheCollecter]

Not sure if it is related @Q Class Plebeian but got Club Med as well - have unsubscribed.

If a hacker emails you, and you hit unsubscribe... (sorry to be the one) but you just told them it is a valid email address that someone reads and cares about

 

[ausfox]

You can block the source address/phone number.

 

[Spacetravel]

So I decided to call the Qantas cyber incident number to discuss the situation and see what the current position is/ what to do about it.

I'm 99.99% sure I got Hobart when I called (fairly sure I have spoken to this rep previously for help with a booking which was a good experience).

However for this, the rep was pretty blasé about it. Mentioned the information was due to a 3rd party system they store their information in. Just said yeah pretty much everyone including themselves were affected and the information taken wasn't much different to what other companies have anyway, then referred me to ID care and said I could pay for identity protection myself if I wanted to. I asked if Qantas would pay for the service, they said the service they are providing is referring to ID care. I let them go and did the ID care thing.

The list in my account of what information has been taken is pretty much every single point of personal identity besides my password and credit card details. While I accept the unfortunate fact that most of this information of mine has already been leaked by other organisations (Optus + some others) I still don't think it diminishes the seriousness of the matter.

Also after already going through the process of changing what I can after the Optus breach, now the Qantas one has provided a "current" list of our information.

While the situation is unfortunate and I have worked for a company that has experienced the same thing occur, it doesn't feel like Qantas is taking it seriously. It just feels like a "sorry we got robbed of your information but it isn't really our fault and it really isn't that bad". I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection.

I will use the feedback form and request 12 months identity protection.

 

[33kft]

I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection.

Mmm, while I agree Qantas are doing a poor job, I have to push back on the idea that Optus did better. They did not offer me (nor give me when I asked for it) ID protection because I wasn't a current customer (I had left Optus years before the breach but had my license leaked, meaning I had to get it physically replaced) - in fact, of all the data breaches that I've been subject to, the only one who reached out proactively and provided me with this service was Wise and the Evolve Bank & Trust breach.

Which is, at the end of the day, the only class action I wouldn't bother joining because it was low impact to me and I was satisfied with the proactivity. I have joined the Optus class action and I would the Qantas one too. It doesn't matter if I get much back, it is about ensuring that the organisations pay for their negligence.

 

[oz_mark]

They may do if Norton is carrying on business in australia, which it does.

Foreign companies are not immune to prosecution in Australia if they breach local law.

Maybe, but in the specific instance at hand, I can't imagine anyone (let alone Qantas) doing much about it. Imagine the PR look of Qantas taking Norton to task for this...

 

[TheCollecter]

I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection

As far as I know, only 11,000 Optus user details made it to the dark web... I checked for me and family ,(following instructions on the abc's website) and we were clear. 11,000 out of 6 million means just about everyone was clear. AND they paid for 12 months Equifax, AND the word around the camp fire is they paid to make the rest of the 6 mil vanish

Just to let everyone know, I emailed the Qantas privacy officer ([email protected]) to demand a code for the credit monitoring service now that there is confirmation that the data is on dark web. I got a reply same day with a free code for 12 months credit monitoring through Equifax.

I emailed them a week ago, still no reply... you may have gotten the last free Equifax subscription