Qantas data breach: How to find out if you have been affected
Qantas customers have been left reeling after their personal details were exposed to other passengers. Here’s how to find out if you have been hacked.
Companies
Don't miss out on the headlines from Companies. Followed categories will be added to My News.
Qantas customers have been left reeling after an issue with the airline’s app gave passengers access to the personal information of other people, prompting concerns over a data breach.
After logging into the Qantas app on Wednesday, customers were shown the wrong account details, including the person’s boarding pass, frequent flyer points score and status tier.
Qantas issued an apology over the blunder and said the problem was a technology
issue and not a cyber security incident.
“The Qantas app is currently stable and operating normally following an issue with its homepage today,” the airline said in a statement posted on Wednesday.
“There were two periods today where some customers were shown the flight and booking details of other frequent flyers.
“We sincerely apologise to all customers impacted and continue to monitor the Qantas app closely.”
It comes amid a NSW data breach involving Australian-based tech company OutABox in which the personal details of visitors to some of the state’s most popular pubs, clubs and restaurants were posted online.
Here’s what you need to know about data breaches and how to protect yourself.
CAN I CHECK IF I HAVE HAD A DATA BREACH?
For those worried that they have fallen victim to a data breach, there are ways to check if your information has been leaked.
The HaveIBeenPwned website can check if an email address has appeared in any recorded data breaches.
The website is run by Australian cyber security professional Troy Hunt and is free, but users will need to subscribe if they want to check if they have been caught up in sensitive data breaches.
WHAT TO DO IF THERE IS A DATA BREACH?
It’s important to check your bank and credit card statements for any unusual activity and report anything suspicious to your bank immediately.
If you are a customer of a company that has been affected, monitor communications and updates from the firm involved by checking your email inboxes and junk folders.
The Department of Home Affairs advises Australians to protect themselves online by following three simple steps.
The first is to set up multi-factor authentication to add an extra layer of security to your online accounts.
Multi-factor authentication is when you need two or more proofs of identity to be able to log into your account, making it harder for someone else to access your online accounts.
The second step, the Department of Home Affairs says, is to install software updates regularly to keep your devices secure as failing to do so will leave you vulnerable to a cyber attack.
The third is to bulk up your passwords by creating strong and unique passphrases that are over 14 characters long and use four or more random words.
Use different passphrases for each of your accounts so that if one account gets compromised the other accounts remain safe. A password manager can help you with creating or storing unique passphrases.
HOW DO I KNOW IF I’VE BEEN HACKED?
If your email has been sending messages you didn’t create or your passwords have changed without you knowing, it’s a good sign that you have been hacked.
Other red flags to watch out for include the unauthorised installing of software on your device and fake antivirus messages that ask you to install software.
WHAT IS MEANT BY DATA BREACH?
A data breach occurs when unauthorised individuals gain access to confidential information. The consequences of a data breach can be severe and far-reaching. Hackers can use compromised data for illegal activities including identity theft, financial fraud, spamming or even extortion.
WHAT ARE THE THREE KINDS OF DATA BREACH?
The three main types of data breach are ransomware, phishing and malware.
Ransomware is when the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock the data.
Phishing campaigns, usually executed via email, phone or SMS, attempt to deceive people into giving up sensitive information such as passwords and credit card details.
The general strategy is to trick the individual into clicking a malicious link or attachment embedded in a message.
Malware is a general term used to describe intrusive programs created with ill intent and an attack mainly starts by first infecting a computer, network, or server.
WHAT IS AN EXAMPLE OF A BREACH OF PRIVACY?
Examples given by the Office of the Australian Information commissioner include loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information. unauthorised access to personal information by an employee.
Another example is the inadvertent disclosure of personal information due to ‘human error’, such as an email sent to the wrong person.
WHAT HAPPENS IF YOUR PRIVACY IS BREACHED?
Responding to the initial breach and subsequent complaints may have financial, legal and resource implications, the Office of the Victoria information commissioner says.
Data breaches can result in reputational damage and a loss of public trust.
More Coverage
Originally published as Qantas data breach: How to find out if you have been affected