https://www.sbs.com.au/news/article/what-to-do-if-your-qantas-data-was-leaked/vk1922mpe
Personal data of over 5.7 million Qantas customers has been leaked on the dark web after the airline was targeted by the hacker collective Scattered LAPSUS$ Hunters. The breach, which was linked to a compromise of the cloud software giant Salesforce, exposed details such as full names, email addresses, frequent flyer information, addresses, dates of birth, phone numbers, and in some cases, meal preferences.
Qantas customers should be vigilant for scams and phishing attempts that could exploit the stolen information. Customers are advised to enable multi-factor authentication on their accounts, change their Qantas password and any other accounts where the same password was used, and regularly monitor their financial statements for any unusual activity. They should also be wary of unsolicited emails, texts, or calls claiming to be from Qantas, insurers, or “compensation teams” and instead visit the official Qantas website or app to verify account details.
While Qantas has set up a 24/7 support line and specialist identity protection service for affected customers, a complaint has already been lodged by law firm Maurice Blackburn with the Office of the Australian Information Commissioner, alleging that Qantas breached privacy laws by failing to adequately protect customer information. Affected customers are eligible to receive updates from the law firm and any compensation that may be sought on their behalf, though the case may be challenged by Qantas on the grounds that a third-party was responsible for the data breach.