Six Million Australians have discovered they have a heightened risk of being the subject of identity fraud this week because
… a criminal was given access by an employee to a third-party customer servicing platform.
It happened just days after the FBI warned airlines to watch out for cyber attacks including on “third party IT providers which means anyone in the airline ecosystem including trusted vendors and contractors”.
The call centre is in Manila, Phillipines. Qantas have advised that the information released includes names, phone numbers, email addresses, frequent flyer numbers and dates of birth.
Regardless of the motives of the employee in question, they probably no longer work at the call centre. The bigger question is why Qantas has a call centre in Manila in the first place. Qantas have used nationalist jingoism as their advertising slogans for decades. Before they were the “Spirit of Australia” (as emblazoned on all their aircraft), they ‘called Australia home’ for decades. According to media reports, Qantas has been extremely quiet since the hack became public. The ABC reports that
The federal minister responsible for cybersecurity, Tony Burke, told the ABC on Wednesday that Hudson was on leave and he’d spoken twice with the acting chief executive.
Finally, on Friday morning, two days after the data breach was announced to the public, Hudson did a short interview with Channel Seven in London.
While her overseas leave may explain the CEO’s delay in fronting the media, neither the acting CEO nor anyone else from the airline put their head up publicly either.
The ABC’s interview requests were declined, and our reporters’ calls to the Qantas media line frequently went straight through to message bank.
Qantas probably really wanted to talk about the arrival of it’s first Airbus A321 in Sydney last week rather than a data breach. They fly an older fleet of aeroplanes in comparison to Virgin Australia, Singapore Airlines or Air New Zealand. While age doesn’t necessarily relate to the safety of the plane, it does mean that capital replacement costs are lower while maintenance and fuel costs are higher. The arrival of the first of a brand new plane type for domestic and Pacific Islands travel would have been a good news story.
Sadly, it was not to be.
Qantas wasn’t the only large enterprise in the news last week. Health insurance provider Bupa was fined $35 million by the ACCC for falsely rejecting claims by their customers because one section of the medical procedure claimed was outside the conditions of the policy. While Bupa claims that the problem was rectified in August 2023, the ABC reports that
Brisbane woman Tara Manning says she believes poor conduct has not stopped since she experienced difficulty with a claim in April 2025 — about 18 months after the period dealt with by the ACCC.
She said Bupa tried to reject a claim for laparoscopic surgery to investigate possible ovarian cancer when she went through the pre-surgery eligibility check.
The mother-of-two had bronze-level cover that included cover for gynaecological surgery. But because one part of the procedure was deemed “digestive” by the insurer and the government, the claim was initially rejected in full.
The Australian Institute of Company Directors suggests
The relationship between a director and a company is fiduciary in nature, meaning that a director undertakes to act in the interests of the company and not in his or her own interests.
The overriding duty of a fiduciary is the obligation of undivided loyalty. This obliges the director to act honestly, in good faith and to the best of his or her ability in the company’s interests. A director must not allow conflicting interests or personal advantages to override the company’s interests. Nor should a director participate in deliberations of the board if the director has personal interests or duties that may conflict with those of the company. The company to which the director has been appointed must always come first.
And while increasing profits by deferring the purchase of newer planes, operating call centres in the Phillipines (despite claiming to be the ‘spirit of Australia’) or declining health insurance claims in total because one section of the claim falls outside the insurance cover is probably legal is it really in the best interests of the company?
Qantas, Bupa, Medibank, Optus and many other large ‘institutional companies’ have been short changing customers for years by not investing in the security of customer data or using ‘creative’ methods to avoid the provision of service to customers. While probably increasing profit, bonuses to senior staff and returns to shareholders in the short term, they have destroyed invisible assets such as brand reputation in the long term. Institutional shareholders have a right to see a return on their investment but there doesn’t seem to be a similar criteria around actually providing the service requested by customers. In addition, is paying fines to the ACCC or related government bodies an optimal use of company funds?
Arguably, the directors of companies that are fined or sanctioned by the ACCC or other regulatory bodies have failed their fiduciary duty, yet they rarely seem to be made to be responsible for their actions. Profits are important as any business relies on them for investment and to provide the business owners or shareholders a return on their investment. All the ‘voluntary codes of practice’ and promises to do better in the future aren’t worth the time and effort used to promote them if the company has no real intention to follow through and live by their promises.
Dear reader, we need your support
Independent sites such as The AIMN provide a platform for public interest journalists. From its humble beginning in January 2013, The AIMN has grown into one of the most trusted and popular independent media organisations.
One of the reasons we have succeeded has been due to the support we receive from our readers through their financial contributions.
With increasing costs to maintain The AIMN, we need this continued support.
Your donation – large or small – to help with the running costs of this site will be greatly appreciated.
You can donate through PayPal or credit card via the button below, or donate via bank transfer: BSB: 062500; A/c no: 10495969
One thinks the wrong end of the stick, it’s not an issue to have back office elsewhere whether Philippines or Tasmania, but Australian corporates’ attitude towards cybersecurity and following the standards.
Solution? In plain sight but actively avoided by the digitally illiterate powers that be around LNP/ALP, Murdoch, Atlas-Koch think tanks, our corporate and public sector elites; the EU…..
The EU has sensible frameworks* covering private data, collection, storage and use (vs Big Tech) under the GDPR and Digital Services directives with penalties; *from before Brexit & Trump dog whistled as ‘red tape’ and bureaucracy.
Now thanks to Trump, Australia is taking the EU seriously by restarting negotiations on a free trade agreement, defence and missed by many, more reciprocal agreements on working holiday visas (competing with the UK where numbers are dropping) and of course many more dual Oz-EU citizens.
Further, any treaty will require more alignment with the EU, directives and the ‘Brussels Effect’.
FutureSuper are worthy of honorable mention for being ‘Australia’s first green superannuation fund’ who spent the whole time investing people’s money with Blackrock until they got cold feet. It got zero media coverage when the issue broke. The issue broke when they decided to ‘divest’ due to ‘ethical reasons’, of course by then it was too late. You don’t say, Blackrock is unethical? When did they find out about that> Luring Simon Sheikh over from Get Up! by dangling a payday too good to refuse for a sheen of morality and respectability worked for quite a while but it wasn’t going to last the distance. They turned out to be absolutely no different from every other shonky fund.
30 years after privatisation, Qantas stills struggles with-
• the inefficiency that often characterised the highly unionised public sector
▪︎ difficulty competing with the efficiency and cost structure of newer airlines
• being under far more public scrutiny than (the significantly outsourced structure of) Virgin Airlines