Qantas data leak: How Aussies can join potential class action
One of Australia's legal firms has taken Qantas to task over a massive data breach that has left millions of customers' private information in the hands of criminals. See details.
A legal firm is investigating a potential class action against Qantas after hackers released the data of 5.7 million customers on the dark web.
Notorious hackers Scattered Lapsus$ Hunters claimed to have accessed and stolen personal
Among the 39 companies were Qantas, Toyota, Ikea, Disney, HBO Max and McDonald’s.
In an update on its ransom site last Thursday, the group threatened to leak 100GB of Telstra customers’ personal information.
Maurice Blackburn lawyers, Australia’s leading class actions law firm, has filed a complaint to the Office of the Australian Information Commissioner (AIC) against the airline for a breach of privacy.
If you have been impacted, here’s how you can get involved.
HOW DO I KNOW IF I’M AFFECTED?
Customers have been affected differently, but if you have been a Qantas passenger you may be at risk.
By now, all impacted customers should have received an email titled “confirmation of your details impacted by the cyber incident.”
The email explains exactly which of your details were accessed by the hacker and flags an update to the Qantas Frequent Flyer platform which will be available soon and allow customers to see the “types of data held on the compromised system.”
“Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may have received a separate notification to different impacted email addresses,” Qantas said.
Make sure to check your spam or junk folder.
WHAT IS MAURICE BLACKBURN’S COMPLAINT ABOUT?
The data breach representative complaint have been made against Qantas because they claim the airline has breached the Privacy Act 1988.
This is a law the protects how personal data is handled by the government and by many private organisations.
Maurice Blackburn alleges that Qantas failed to adequately protect the personal information of its customers.
Complaining through a representative can allow a large number of the same complaint to be processed at the same time.
WHAT PERSONAL DATA WAS STOLEN?
A wide range of personal data was accessed by the hacker.
For four million customers, the data accessed is limited to their name, email address and Qantas Frequent Flyer details.
Of these four million, 1.2 million customers only had their name and email address accessed by the hacker and the remaining 2.8 million also had their Qantas Frequent Flyer number accessed.
Most of the customers whose frequent flyer number was accessed also had their tier and, in a lesser umber of cases, their points balance and status credits.
However for 1.7 million customers, the data hack was more substantial.
Of these customers, 1.3 million had their address revealed to the hacker – this includes business addresses and also the addresses of hotels customers may have stayed in which Qantas had records of for the purpose of reuniting them with misplaced baggage.
Around 1.1 million people had their date of birth accessed.
Approximately 900,000 customers had their phone numbers accessed, 400,000 had their gender revealed to the hacker and 10,000 the meal preferences they chose on flights.
No financial data was breached.
WHAT HAS QANTAS SAID?
The airline said it was investigating the incident with cyber security experts, the Australian government, the Australian Cyber Security Centre and the Australian Federal Police.
A Qantas spokesman said there would be ongoing 24/7 support for customers whose data had been breached.
The company has recommended customers take precautionary steps and maintain an increased level of vigilance in the wake of the cyber attack.
“Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas,” an email to impacted customers reads. “Always independently verify the identity of the caller by contacting them on a number available through official channels.
“Do not provide your online account passwords, or any personal or financial information. “Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.”
WHAT’S BEEN THE GOVERNMENT’S RESPONSE?
Home Affairs Minister Tony Burke said Australians affected by the hack should avoid seeking their own data from the dark web.
“No one should go looking for (the stolen data) on the dark web,” he told Radio National Breakfast.
“It’s illegal to access it, so even if you’re looking for your own material, don’t go looking for it.”
He said that while the majority of accessed data did not include phone numbers or addresses, Australians should be wary of any unusual phone calls.
“For most people, their phone numbers … aren’t part of this breach, but there are some people where phone numbers and a very small number, where home addresses are there,” he said.
“If you get a cold call that you were not expecting, and it sounds official and it sounds like they know enough that it might actually be the company, hang up (and) call back.”
He warned that advancing technology in artificial intelligence (AI) could make it harder to determine spam calls.
He urged Australians to follow for steps to keeping their data safe from hackers.
“Always make sure your updates are being done,” he said.
“Use passphrases. If you have multi factor authentication available, you should always use it.”
He also advised Australians to avoid speaking to companies that cold call, instead hanging up and calling them back directly.
“Don’t presume that, even though they sound official, that in fact, you’re talking to someone from the company,” he said.
WHO CAN PARTICIPATE IN THE COMPLAINT?
If you have been notified by Qantas that your information is at risk, then you’re able to participate.
This includes former and current customers.
It doesn't cost any more upfront and if there is a successful outcome, the cost of the service paid to Maurice Blackburn for their legal service will be deducted by the payment affected customers are entitled to.
If it’s unsuccessful no money is owed to Maurice Blackburn.
HOW DO I PARTICIPATE?
For those keen to get involved in the class action, you need your name, number, email and address to register with Maurice Blackburn.
Even if you’ve already interested your interest with another law firm you can register with Maurice Blackburn to get updates about their investigation into potential compensation.
To sign up, you can to the Register now page on the Maurice Blackburn Lawyers site under Qantas Data Breach in the Join a class action section.
Alternatively, you can get in touch with the lawyers using qantasdatabreach@mauriceblackburn.com.au
- additional reporting NewsWire
More Coverage
Originally published as Qantas data leak: How Aussies can join potential class action
Join the conversation
‘Am I a captain or a prisoner?’: Pilots hit out at airport security
Read more
Jetstar drops $229 fares to overseas hotspot
Read more