QANTAS Cyber Incident

Flyerwin said:
Telling us our data is on the dark web is not that helpful though - we can all assume it's there in one form or another. It's what do we do with that information.
Click to expand...
It means we know as opposed to assume, which makes it evidence if someone is signed up for the class action.
 
Aggi said:
I got a similar email from Equifax today, although my paid subscription has expired so it didn’t say what the data was.
Click to expand...
I didn't get anything from them and my subscription expired last month. Waiting for Qantas to give me another year
 
Score 10,000 Bonus PayRewards Points on your business spend!*
Elevate your business spending to first-class rewards! Sign up today with code AFF10 and process over $10,000 in business expenses within your first 30 days to unlock 10,000 Bonus PayRewards Points.
Join 30,000+ savvy business owners who:

✅ Pay suppliers who don’t accept Amex
✅ Max out credit card rewards—even on government payments
✅ Earn & transfer PayRewards Points to 10+ airline & hotel partners

Start earning today!
- Pay suppliers who don’t take Amex
- Max out credit card rewards—even on government payments
- Earn & Transfer PayRewards Points to 8+ top airline & hotel partners

AFF Supporters can remove this and all advertisements

bussyboy said:
So Norton is above the law and accessing the data, using it for marketing purposes!?

Really though, nothing you can do about it, so I'm happy to move on
Click to expand...
They've just complied with the letter of the law, as they haven't done anything with the data. All these large companies maintain databases to identify vulnerabilities and who of their existing customers might be at risk i.e. create more value for their product. It's just a pity that valuable services like 'Have I Been Pwned' have to err on the side of caution.

And I'll be ready to move on, once I am satisfied with the price Qantas will pay i.e. fine, is commensurate with their failing in this matter. Then the executive management might start thinking about something other than themselves.
 
So I decided to call the Qantas cyber incident number to discuss the situation and see what the current position is/ what to do about it.

I'm 99.99% sure I got Hobart when I called (fairly sure I have spoken to this rep previously for help with a booking which was a good experience).

However for this, the rep was pretty blasé about it. Mentioned the information was due to a 3rd party system they store their information in. Just said yeah pretty much everyone including themselves were affected and the information taken wasn't much different to what other companies have anyway, then referred me to ID care and said I could pay for identity protection myself if I wanted to. I asked if Qantas would pay for the service, they said the service they are providing is referring to ID care. I let them go and did the ID care thing.

The list in my account of what information has been taken is pretty much every single point of personal identity besides my password and credit card details. While I accept the unfortunate fact that most of this information of mine has already been leaked by other organisations (Optus + some others) I still don't think it diminishes the seriousness of the matter.

Also after already going through the process of changing what I can after the Optus breach, now the Qantas one has provided a "current" list of our information.

While the situation is unfortunate and I have worked for a company that has experienced the same thing occur, it doesn't feel like Qantas is taking it seriously. It just feels like a "sorry we got robbed of your information but it isn't really our fault and it really isn't that bad". I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection.

I will use the feedback form and request 12 months identity protection.
 
Spacetravel said:
I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection.
Click to expand...
Mmm, while I agree Qantas are doing a poor job, I have to push back on the idea that Optus did better. They did not offer me (nor give me when I asked for it) ID protection because I wasn't a current customer (I had left Optus years before the breach but had my license leaked, meaning I had to get it physically replaced) - in fact, of all the data breaches that I've been subject to, the only one who reached out proactively and provided me with this service was Wise and the Evolve Bank & Trust breach.

Which is, at the end of the day, the only class action I wouldn't bother joining because it was low impact to me and I was satisfied with the proactivity. I have joined the Optus class action and I would the Qantas one too. It doesn't matter if I get much back, it is about ensuring that the organisations pay for their negligence.
 
MEL_Traveller said:
They may do if Norton is carrying on business in australia, which it does.

Foreign companies are not immune to prosecution in Australia if they breach local law.
Click to expand...

Maybe, but in the specific instance at hand, I can't imagine anyone (let alone Qantas) doing much about it. Imagine the PR look of Qantas taking Norton to task for this...
 
Spacetravel said:
I received more communication from Optus about the matter and was very easily offered Equifax 12 months identity protection
Click to expand...
As far as I know, only 11,000 Optus user details made it to the dark web... I checked for me and family ,(following instructions on the abc's website) and we were clear. 11,000 out of 6 million means just about everyone was clear. AND they paid for 12 months Equifax, AND the word around the camp fire is they paid to make the rest of the 6 mil vanish

Flyingwombat said:
Just to let everyone know, I emailed the Qantas privacy officer ([email protected]) to demand a code for the credit monitoring service now that there is confirmation that the data is on dark web. I got a reply same day with a free code for 12 months credit monitoring through Equifax.
Click to expand...

I emailed them a week ago, still no reply... you may have gotten the last free Equifax subscription
 
I emailed Qantas privacy officer on Monday 20th October and got a response on Friday 24th October with an offer of 12 months Equifax



Dear VPS,

We understand your concern in relation to the news of information being released on the dark web. Qantas is one of a number of companies globally that has had data released by cyber criminals following the airline’s cyber incident where customer data was stolen via a third-party platform, which customers were notified about in early July.

With the help of specialist experts, we continue to monitor the situation and respond accordingly. Our focus continues to be on supporting customers, and our dedicated support line remains available 24/7 on 1800 971 541 or +61 2 8028 0534.

If your personal information was compromised, an email titled “Confirmation of your details impacted by the cyber incident” was sent to you in July, advising you of the types of your personal data that were contained in the impacted system. Our analysis confirms that no credit card details, personal financial information, or passport details were stored in the affected system, and so we can confirm none of this information was released. Your Qantas Frequent Flyer account remains secure – passwords, PINs, and login details were not accessed or compromised.

The most up to date information about the incident is available on the dedicated cyber incident page on the Qantas website. We will continue to update that page.

What we are doing

Since the incident, we have put additional security measures in place to further restrict access and strengthen system monitoring and detection. This includes additional security measures for Qantas Frequent Flyer accounts to further protect them from unauthorised access, including requiring additional identification for account changes.

Through the NSW Supreme Court, we have an ongoing injunction in place to prevent the stolen data being accessed, viewed, released, used, transmitted or published by anyone, including third parties. We are continuing to engage with the Australian Federal Police, and are working with the Federal Government’s National Cyber Security Coordinator, the Australian Cyber Security Centre and independent specialised cyber security experts, in responding to the release of the data and the cyber incident more broadly.  We have also put in place additional security measures, increased training across our teams and strengthened system monitoring and detection since the incident occurred.

To further support customers with any identity management concerns, we have partnered with IDCARE who can provide specialist advice.  They can be contacted between 8am and 5pm AEST Monday to Friday on 1800 595 160 (please quote the reference number QANT25).

Remaining vigilant to any potential misuse of personal information

We recommend that customers continue to remain vigilant to any misuse of their personal information.

You can access information on scams and recommendations on what to do to remain vigilant to any misuse of your personal information via the Australian Cyber Security Centre and the National Anti-Scam Centre's Scamwatch webpage, IDCARE's Learning Centre and the Office of the Australian Information Commissioner. Our Cyber teams continue to monitor 24/7 to prevent phishing attempts and block fraudulent “Qantas” websites and other communications. Please also refer to our dedicated cyber incident page on the Qantas website for resources and further information on how to spot, avoid and report scams.

Identity monitoring

We would like to offer you a 12-month subscription to Equifax Protect, a comprehensive credit and identity monitoring service. This is at no cost to you.

The service includes the following:
  • Credit report monitoring and alerts, including alerts for key changes on your credit report and access to monthly Equifax credit reports
  • Dark web monitoring and alerts, including ‘Identity Protection’ powered by Norton™ *
  • Identify theft insurance (up to $15,000 annual cover) ^
More information on Equifax Protect is available at Credit and identity protection | Equifax Australia.

To access this support, please follow the steps below:
Please note, this is a unique, one-time code and should not be shared with anyone else, as it has been issued in response to your specific circumstances. Your unique code will expire after six months. If you have any questions about Equifax Protect or redeeming your subscription, please see the frequently asked questions available on the Equifax website or contact Equifax on 13 83 32 (and select option ‘2’).

We recognise the concern this incident has caused and are deeply sorry.

Kind regards,

Qantas Group Privacy Office

* Dark web monitoring defaults to monitor your email address only and begins immediately. Sign in to your account to enter more information.

^ Terms, conditions, exclusions and limitations apply. The Identity Guard Insurance Policy Information Booklet is available on the Equifax Protect webpage.

Subscriptions are subject to the Credit and Identity Terms available at www.equifax.com.au/credit-identity-terms. Eligibility criteria applies.
 
Last edited:

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 11 more.
Total: 990 (members: 61, guests: 929)
Back
Top