12 comments

[ 2.6 ms ] story [ 34.7 ms ] thread
>customers’ email addresses, phone numbers, birth dates and frequent flyer numbers

So all things that have likely been leaked 30 times already? Perhaps except the fly miles

Is this from the Salesforce breach?
Haven’t they sold that to some dubious partners already?
I don't see why a company would pay a ransom to protect their customers from identity theft -- the losses are public, while the costs to them are a very small number of customers that read about this, think they're likely to lose the data again, didn't already lose their data in this leak, remember this story at the time of purchase, and value that more than things like ticket time or ticket price. I don't think the hackers should be making any money this way.
Pay the ransom, hackers then sell the data privately

Don’t pay the ransom, hackers release a subset to the public for free, then sell the rest privately

Good on Quantas for not negotiating, bad on them for shit security.

I'd never heard of Quantas. I have heard of Salesforce. Nothing particularly glowing, though.
[dead]
> The Qantas data, which was stolen from a Salesforce database in a major cyber-attack in June, included customers’ email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information or passport details.

Curious, what's the worst a bad actor do with name, email address, phone number and birth date?

This topic is always a mixed bag for me, on the one hand I don't think you should pay ransom groups as it encourages more, but also their security should be better.

> “No company wants to see, you know, hundreds of thousands, or, millions of records of their customers just on the internet,” Kirk said. “That’s awful. It’s awful for the companies. It’s awful for the people affected.”

This reads to me like : "Well yeah sorry to our customers, but we're not taking a loss for our incompetance"

There's no winners here.

I see a class action coming against Qantas .....
I mean seriously - how the heck are they doing such social engineering??

meanwhile I am struggling to confirm my identity to Google, what the .. :`)