Qantas has confirmed that a serious cyber incident may have exposed the 
personal details of up to six million customers, following a breach of a
 third-party contact centre platform. The national carrier said it 
detected “unusual activity” on Monday involving one of its offshore 
service platforms, which is operated by a call centre based in Manila. 
The airline said the breach has now been contained.
One of Australia's legal firms has taken Qantas to task over a massive 
data breach that has left millions of customers' private information in 
the hands of criminals who are also targeting Telstra. 
A legal firm is investigating a potential class action against Qantas after hackers threatened to release private data from their customer database.
Names, numbers, emails, addresses, birthdays and frequent flyer numbers from 5.7 million Qantas customers are at risk of being publicised, unless software company Salesforce pays a ransom by Friday.
The hacker group, Scattered Lapsus$ Hunters, also claims to have the details of Telstra customers.
In an update on its ransom site on Thursday, the group threatened to leak 100GB of Telstra customers’ personal information.
Maurice Blackburn lawyers, Australia’s leading class actions law firm, has filed a complaint to the Office of the Australian Information Commissioner (AIC) against the airline for a breach of privacy.
If you have been impacted, here’s how you can get involved.
HOW DO I KNOW IF I’M AFFECTED?
Customers have been affected differently, but if you have been a Qantas passenger you may be at risk. 
By
 now, all impacted customers should have received an email titled 
“confirmation of your details impacted by the cyber incident.”
The
 email explains exactly which of your details were accessed by the 
hacker and flags an update to the Qantas Frequent Flyer platform which 
will be available soon and allow customers to see the “types of data 
held on the compromised system.”
“Our customer records are based 
on unique email addresses, so if you have multiple email addresses 
registered with Qantas, you may have received a separate notification to
 different impacted email addresses,” Qantas said.
Make sure to check your spam or junk folder. 
WHAT IS MAURICE BLACKBURN’S COMPLAINT ABOUT?
The
 data breach representative complaint have been made against Qantas 
because they claim the airline has breached the Privacy Act 1988. 
This is a law the protects how personal data is handled by the government and by many private organisations.
Maurice Blackburn alleges that Qantas failed to adequately protect the personal information of its customers.
Complaining through a representative can allow a large number of the same complaint to be processed at the same time. 
WHAT PERSONAL DATA WAS STOLEN?
A wide range of personal data was accessed by the hacker.
For four million customers, the data accessed is limited to their name, email address and Qantas Frequent Flyer details.
Of
 these four million, 1.2 million customers only had their name and email
 address accessed by the hacker and the remaining 2.8 million also had 
their Qantas Frequent Flyer number accessed.
Most of the customers
 whose frequent flyer number was accessed also had their tier and, in a 
lesser umber of cases, their points balance and status credits.
However for 1.7 million customers, the data hack was more substantial.
Of
 these customers, 1.3 million had their address revealed to the hacker –
 this includes business addresses and also the addresses of hotels 
customers may have stayed in which Qantas had records of for the purpose
 of reuniting them with misplaced baggage.
Around 1.1 million people had their date of birth accessed.
Approximately
 900,000 customers had their phone numbers accessed, 400,000 had their 
gender revealed to the hacker and 10,000 the meal preferences they chose
 on flights.
No financial data was breached.
WHO CAN PARTICIPATE IN THE COMPLAINT?
If you have been notified by Qantas that your information is at risk, then you’re able to participate. 
This includes former and current customers. 
It
 doesn't cost any more upfront and if there is a successful outcome, the
 cost of the service paid to Maurice Blackburn for their legal service 
will be deducted by the payment affected customers are entitled to.
If it’s unsuccessful no money is owed to Maurice Blackburn.
HOW DO I PARTICIPATE?
For those keen to get involved in the 
class action, you need your name, number, email and address to register 
with Maurice Blackburn.
Even if you’ve already interested your 
interest with another law firm you can register with Maurice Blackburn 
to get updates about their investigation into potential compensation. 
To sign up, you can to the Register now page on the Maurice Blackburn Lawyers site under Qantas Data Breach in the Join a class action section. 
Alternatively, you can get in touch with the lawyers using qantasdatabreach@mauriceblackburn.com.au
QANTAS WAS CONTACTED BY THE HACKER – WHAT’S THE LATEST?
The
 bad actor responsible for the hack has contacted Qantas who have 
refused to comment further given the active criminal investigation.
Precedence,
 including the Optus and Medibank incidents, suggest it is unlikely 
Qantas will cave and pay the ransom demand of the hacker which have not 
been made public but could be in the many millions of dollars.
The hacker dated the potential release of the information as October 10.
ARE CUSTOMERS VULNERABLE TO SCAMS NOW?
Qantas has recommended
 customers take precautionary steps and maintain an increased level of 
vigilance in the wake of the cyber attack.
“Remain alert, 
especially through email, text messages or telephone calls, particularly
 where the sender or caller purports to be from Qantas,” an email to 
impacted customers reads. “Always independently verify the identity of 
the caller by contacting them on a number available through official 
channels.
“Do not provide your online account passwords, or any 
personal or financial information. “Qantas will never contact customers 
requesting passwords, booking reference details or sensitive login 
information.”
Source:supplied.