Qantas data breach: How Aussies can join potential class action

Qantas has confirmed that a serious cyber incident may have exposed the personal details of up to six million customers, following a breach of a third-party contact centre platform. The national carrier said it detected “unusual activity” on Monday involving one of its offshore service platforms, which is operated by a call centre based in Manila. The airline said the breach has now been contained.

One of Australia's legal firms has taken Qantas to task over a massive data breach that has left millions of customers' private information in the hands of criminals who are also targeting Telstra. 

A legal firm is investigating a potential class action against Qantas after hackers threatened to release private data from their customer database.

Names, numbers, emails, addresses, birthdays and frequent flyer numbers from 5.7 million Qantas customers are at risk of being publicised, unless software company Salesforce pays a ransom by Friday.

The hacker group, Scattered Lapsus$ Hunters, also claims to have the details of Telstra customers.

In an update on its ransom site on Thursday, the group threatened to leak 100GB of Telstra customers’ personal information.

Maurice Blackburn lawyers, Australia’s leading class actions law firm, has filed a complaint to the Office of the Australian Information Commissioner (AIC) against the airline for a breach of privacy.

If you have been impacted, here’s how you can get involved.

HOW DO I KNOW IF I’M AFFECTED?

Customers have been affected differently, but if you have been a Qantas passenger you may be at risk.

By now, all impacted customers should have received an email titled “confirmation of your details impacted by the cyber incident.”

The email explains exactly which of your details were accessed by the hacker and flags an update to the Qantas Frequent Flyer platform which will be available soon and allow customers to see the “types of data held on the compromised system.”

“Our customer records are based on unique email addresses, so if you have multiple email addresses registered with Qantas, you may have received a separate notification to different impacted email addresses,” Qantas said.

Make sure to check your spam or junk folder.

WHAT IS MAURICE BLACKBURN’S COMPLAINT ABOUT?

The data breach representative complaint have been made against Qantas because they claim the airline has breached the Privacy Act 1988.

This is a law the protects how personal data is handled by the government and by many private organisations.

Maurice Blackburn alleges that Qantas failed to adequately protect the personal information of its customers.

Complaining through a representative can allow a large number of the same complaint to be processed at the same time. 

WHAT PERSONAL DATA WAS STOLEN?

A wide range of personal data was accessed by the hacker.

For four million customers, the data accessed is limited to their name, email address and Qantas Frequent Flyer details.

Of these four million, 1.2 million customers only had their name and email address accessed by the hacker and the remaining 2.8 million also had their Qantas Frequent Flyer number accessed.

Most of the customers whose frequent flyer number was accessed also had their tier and, in a lesser umber of cases, their points balance and status credits.

However for 1.7 million customers, the data hack was more substantial.

Of these customers, 1.3 million had their address revealed to the hacker – this includes business addresses and also the addresses of hotels customers may have stayed in which Qantas had records of for the purpose of reuniting them with misplaced baggage.

Around 1.1 million people had their date of birth accessed.

Approximately 900,000 customers had their phone numbers accessed, 400,000 had their gender revealed to the hacker and 10,000 the meal preferences they chose on flights.

No financial data was breached.

WHO CAN PARTICIPATE IN THE COMPLAINT?

If you have been notified by Qantas that your information is at risk, then you’re able to participate.

This includes former and current customers.

It doesn't cost any more upfront and if there is a successful outcome, the cost of the service paid to Maurice Blackburn for their legal service will be deducted by the payment affected customers are entitled to.

If it’s unsuccessful no money is owed to Maurice Blackburn.

HOW DO I PARTICIPATE?

For those keen to get involved in the class action, you need your name, number, email and address to register with Maurice Blackburn.

Even if you’ve already interested your interest with another law firm you can register with Maurice Blackburn to get updates about their investigation into potential compensation.

To sign up, you can to the Register now page on the Maurice Blackburn Lawyers site under Qantas Data Breach in the Join a class action section.

Alternatively, you can get in touch with the lawyers using qantasdatabreach@mauriceblackburn.com.au

QANTAS WAS CONTACTED BY THE HACKER – WHAT’S THE LATEST?

The bad actor responsible for the hack has contacted Qantas who have refused to comment further given the active criminal investigation.

Precedence, including the Optus and Medibank incidents, suggest it is unlikely Qantas will cave and pay the ransom demand of the hacker which have not been made public but could be in the many millions of dollars.

The hacker dated the potential release of the information as October 10.

ARE CUSTOMERS VULNERABLE TO SCAMS NOW?

Qantas has recommended customers take precautionary steps and maintain an increased level of vigilance in the wake of the cyber attack.

“Remain alert, especially through email, text messages or telephone calls, particularly where the sender or caller purports to be from Qantas,” an email to impacted customers reads. “Always independently verify the identity of the caller by contacting them on a number available through official channels.

“Do not provide your online account passwords, or any personal or financial information. “Qantas will never contact customers requesting passwords, booking reference details or sensitive login information.”

Source:supplied.

Discord discloses data breach after hackers steal support tickets

Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider.

The attack occurred on September 20 and affected “a limited number of users” who interacted with Discord’s customer support and/or Trust and Safety teams.

Discord was created as a communication platform for gamers, who represent more than 90% of the userbase, but expanded to various other communities, allowing text messages, voice chats, and video calls.

According to the platform’s statistics, more than 200 million people are using Discord every month.

Hackers demanded a ransom

In the notification to affected users, the messaging company says that the attack occurred on September 20 and “an unauthorized party gained limited access to a third-party customer service system used by Discord.”

On Friday, Discord disclosed the incident publicly, saying that it took immediate action to isolate the support provider from its ticketing system and started an investigation.

This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement - Discord

The attack appears to be financially motivated, as the hackers demanded a ransom from Discord in exchange for not leaking the stolen information.

Exposed data includes personally identifying information such as real names and usernames, email addresses, and other contact details provided to the support team.

The social communication service says IP addresses, messages and attachments sent to customer service agents were also compromised.

The hackers also accessed photos of government-issued identification documents (driver’s license, passport) for a small number of users.

Partial billing info, like payment type, the last four credit card digits, and purchase history associated with the compromised account, were exposed as well.

Discord's data breach notification to affected users
source: VX-Underground

VX-Underground security group notes that the type of data stolen from Discord users represents “literally peoples [sic] entire identity.”

Alon Gal, Chief Technology Officer at threat intelligence company Hudson Rock, believes that if the hackers release the Discord data, it could provide crucial information to help uncover or solve crypto hacks and scams.

“I’ll just say that if it leaks, this db is going to be huge for solving crypto related hacks and scams because scammers don’t often remember using a burner email and VPN and almost all of them are on Discord,” says Alon Gal, Chief Technology Officer at Hudson Rock

Currently, it is unclear how many Discord users are affected, and the name of the third-party provider or the access vector has not been disclosed publicly.

However, the Scattered Lapsus$ Hunters (SLH) threat group claimed the attack earlier today.

An image the hackers posted online shows a Kolide access control list for Discord employees with access to the admin console. Kolide is a device trust solution that connects to Okta cloud-based Identity and Access Management (IAM) service for multi-factor authentication.

SLH confirmed to BleepingComputer that it was a Zendesk breach that allowed stealing the Discord user data.

Update: While SLH initially appeared to confirm to BleepingComputer that they were behind the Discord Zendesk compromise, they later stated that it was a different group that they know and interact with.

BleepingComputer contacted Discord with a request for more details about the attack, but a comment from the social communications platform was not immediately available.

It is worth noting that hundreds of companies had their Salesforce instances compromised after the ShinyHunters extortion group accessed them using stolen Salesloft Drift OAuth tokens.

Last month, the hackers claimed to have stolen more than 1.5 billion Salesforce records from 760 companies.

More recently, ShinyHunters launched a data leak site listing more than three dozen victims.

Source: Discord.

Will Australian governments notify 'consumers' when (not 'if) hackers breach servers that users were 'mandated' to upload their government IDs? 

All part of the Nanny State agenda, nothing to do with 'child safety'?

If 'child safety' was on the agenda, the Epstein files would have been released a while ago.

Exposing The Dark Side of America's AI Data Center Explosion

The explosion of AI across every industry has seen hundreds of water- and power-hungry server farms sprout up across the US. Already, one-third of the world's internet traffic flows through data centers in just one US state: Virginia.

However, until now, there has been no official record of the number of data centers in America, who owns them, or how much electricity they consume.

In an exclusive deep dive into the industry, Business Insider reporters cracked the code and, for the first time, revealed the true cost of the data warehouses feeding our growing appetite for cloud computing and AI. We travelled to Virginia to meet people living in the shadow of 80-foot-high boxes that emit a constant drone, and to the drought-ridden state of Arizona, where some data centers are using as much as a million gallons of water a day to help cool their computer servers.

Business Insider also discovered that the power needs of data centers have forced some states to withdraw from their carbon emissions targets. Power companies are even looking to extend the life of coal and gas plants to help meet the unprecedented demand.

See 31 minute documentary:

The explosion of AI across every industry has seen hundreds of water- and power-hungry server farms sprout up across the US. Already, one-third of the world's internet traffic flows through data centers in just one US state: Virginia. However, until now, there has been no official record of the number of data centers in America, who owns them, or how much electricity they consume. In an exclusive deep dive into the industry, Business Insider reporters cracked the code and, for the first time, revealed the true cost of the data warehouses feeding our growing appetite for cloud computing and AI. We travelled to Virginia to meet people living in the shadow of 80-foot-high boxes that emit a constant drone, and to the drought-ridden state of Arizona, where some data centers are using as much as a million gallons of water a day to help cool their computer servers. Business Insider also discovered that the power needs of data centers have forced some states to withdraw from their carbon emissions targets. Power companies are even looking to extend the life of coal and gas plants to help meet the unprecedented demand.

Brief Note On Mobile Phone Measurements With Airplane Mode On/Off

This report describes the results of a brief investigation, as to whether enabling airplane mode on a mobile phone disables all cellular transmissions. 

In summary, we found no evidence of cellular transmissions when airplane mode is on. 

The mobile handsets studied were:

 - Pixel 8 (running GrapheneOS/Android 15), 

- iPhone 15 (iOS 17.1.1), 

- Samsung A23 (Android 13), 

- Xiaomi Redmi Note 11 (Android 11)

See report by DJ Leith and D Malone, Trinity College, Dublin, Ireland from the 18th of Spetember 2025:

Cookie, Identifiers and Other Data That Google Silently Stores on Android Handsets

This paper presents the results of a measurement study on the cookies, identifiers and other data sent by Google servers and stored on Android handsets by pre-installed Google apps, including the Google Play Services and Google Play store apps. 

To the best of our knowledge this is the first such study and the first time that the data stored by these apps has been publicly documented.

See paper by D.J. Leith, Trinity College Dublin, Ireland.

No limiting AI chatbots for ‘child safety’ in Australia?

The people in the Australian government have ‘advertised’ that they’re implementing measures for ‘child safety’, regarding ‘social media’, knowing full well that their actions will not protect the children of the corporate (nee cannon) fodder.

BUT, they have (deliberately) overlooked one prevalent technology that is used by minors, that being Artificial Intelligence chat-bots.

A ‘failure of government’?

It doesn’t seem like it but rather a deliberate inaction.

It seems that corporations, via their products (AI chat-bots) will be able to abuse children for some time.

See a 7 minute clip from a Senate Judiciary Committee hearing from 16 September 2025:

The (penal) colony called Australia, is very quick to implement dubious speed restrictions on road for the purpose of purely raising revenue, but very slow to action on child safety concerns, like the child care centres abuse that has recently make it into the public eye but has been going on for quite a while.

The government also admitted that during the recent pandemic mental health of the general population was not under consideration, where unlawfully issued fines were a priority to cash in on the unsuspecting masses.

Exposed: Shocking reason for Victoria’s roads in an appalling state of disrepair

Victoria is a money for mates system that rorts people’s tax dollars in fraudulent tender processes for whatever hair brained idea the politicians enact.

As a result the low quality people in government do not function for the benefit of society, but rather the policy to to give the bare minimum to their constituents, tax/rate payers.

While they line their pockets with disproportionate salary increases, they give back very little to society, where over-government is the order of the day.

This modus operandi is not only limited to Victoria but rather across all states and territories across the self governing colony.

Corruption costs, where it doesn’t ‘cost’ the government, but rather society and society’s tax pool.

Recent information from a source within the government, is that the funds allocated to road maintenance will not be entirely spent on fixing the state's atrocious roads but rather 40% of that budget will be spent on generating revenue.

“They simply don’t give a stuff about the people” the source stated, “they’re fixated on generating revenue in whichever way possible, even if it’s dishonest”

So, forty percent of the state’s road maintenance budget is going into speed/red-light cameras.

The cameras are not about safety but rather pure revenue raising.

To make it worse it’s done unlawfully, but that is beyond the scope of this article.

The police state of Victoria is in full swing.

How governments and police hide police criminal activity, corruption and misdeeds against the good people of Australia

Victoria Police assaulting civilian during peaceful protest

Australians live under a secretive police state, where the colony’s police forces are corrupt. 

They’re corrupt to the core and the governments of Australia’s states and territories hide this fact from the people.

In fact Australia’s Anglo-Masonic administration of ‘justice’ deems it not in the public interest to publish the real figures where many court cases are hidden from public view.

It is only through a police media liaison officer that information is allowed to be given for people to ‘consume’ via the public news media, where this is supported by the words “the ‘insert publication name’ is allowed to reveal..” in the article.

What is printed in the media is only a tiny fraction of what really goes on.

IF a people sue their local police force, taxpayers foot the bill, where in reality there are no personal penalties for the officers involved, e.g. the brutal bashing by Victoria Police cowards of Corinna Horvath in her own home.

What sort of 'justice' system is it, when it takes a victim of police brutality to obtain a 'remedy' 18 years from the offence?

The judicial system is for the officers, where it pretends it's unbiased, where if there is a successful litigation, people are none the wiser, as the victim MUST sign a NDA (Non Disclosure Agreement) to obtain financial compensation.

You basically have to sign a gag order, where the police can go on their merry way to assault others, even if the officer is a danger to society.

Domestic violence is also high among male officers, where this is also kept from the public eye and is dealt behind closed doors by the ‘brotherhood’.

IF non-government organisations operated like the colony’s police forces, they would be deemed as outlaw gangs/clubs.

It’s a sad state of affairs, that the media is silenced on reporting the true criminal activities of Australia's police forces.

From 2020 Victoria Police have been brutually assaulting civilians unlawfully, as stated by a judge, with total impunity.

This is the new level of tyranny Australians live under.

The false labelling of persons as ‘sovereign citizens’

Removed article from social media.

There are many agendas at play, where one of them that is enacted by the public news media and governments (state and federal) is to label persons as ‘sovereign citizens’.

That term is actually an oxymoron.

This is the new way the totalitarian state of Australia handles people that it considers a treat to their régime, and not society.

Recently, the Rupert Murdoch tabloid Herald Sun posted an article on social media, where 71 comments were made before they took down the article.

It stands to reason that all the persons shown in the above article are 'sovereign citizens', which they are not.

Therefore Murdoch's 'empire' should be sued by those individuals.

See an explanation on how the people perceive the mainstream media propaganda machine in the 10 minute video:

Police use mobile phone locator technology to find two missing people

Mobile Tower triangulation has been used by the authorities since the inception of GSM communications

Police have used a world-first tool twice this week to find people reported missing by tracking the location information on their phones.

The new technology, the Device Location Information (DLI) service, can be used by emergency services to locate the mobile phone of a person who has not called 111 themselves but for whom there are fears for their health or safety.

The technology, launched last week, made it faster for police to narrow the search area for people who were unable or unwilling to say where they were, in circumstances where it was necessary to prevent or lessen a serious threat to the life or health of the person concerned or another individual.

The DLI capability was announced by Minister of Police Mark Mitchell last Friday.

Police Northern Emergency Communications and Dispatch Centre manager, Inspector Dan Weir, said police received a report of a person with an intellectual disability missing from their home in Matamata on Thursday night.

“The person hadn’t been seen for 30 minutes and had left their Wandatrak at home; it was raining and the person’s family were becoming increasingly worried.”

Weir said the decision was made to allow the DLI service to be used, sending officers to the person’s location at a nearby park.

“The person was returned home 37 minutes after being reported missing, which is an incredible result.

“When every second counts, this service is yet another tool to help our teams get people the help they need to keep them safe.

“One of the most stressful parts of our job is trying to find out where people are when they’re distressed and in need of help but can’t tell us or don’t know where they are, or equally if someone is reporting a loved one missing and doesn’t know where they could be.”

The DLI service delivers an improvement on the previous capability, which meant manual requests had to be made to mobile network operators to try to locate a device.

“Earlier in the week the service was used to assist in locating a person whose family had immediate concerns for their welfare.

“The person was found after being involved in a single-vehicle crash in Piha, thankfully uninjured, and was able to get the help they needed.

“Time can often be the difference between life and death and we’re thrilled to have access to this service.”

Last week Hato Hone St John chief executive Peter Bradley welcomed the new emergency services resource.

“This is a vital tool that will help emergency services respond faster when every second counts,” Bradley said.

“The ability to quickly locate a person whose life or health is at serious risk but unable to call for help can mean the difference between life and death.

“Crucially, this new capability highlights the value of collaboration between emergency service agencies.

“By working together and leveraging shared technology, we can deliver a faster, more accurate medical response to people when they need it, wherever they may be.”

Source: RNZ, 29 Aug, 2025 06:30 PM

Irrespective of the name of the method/'tool' used, ever since smartphones had GPS chips installed, this (location) information has been available to the authorities, without any warrants used.

See Edward Snowden's leaks for further clarification.

Also one of the most important aspects of cellular networks is that they use inherently insecure protocols and have many trusted parties.

Even with the very public murder of Irish woman Gillian (Jill) Meagher from Brunswick Victoria in 2012, Victoria Police did not want to disclose publicly how they used mobile phone generated data to put the accused murder (Adrian Ernest Bayley) at the relevant locations.