Angela Pownall: The Qantas data breach should make us all more wary about what we share online

The Qantas data breach has probably made many of us think about all the personal data we’ve have submitted online and wonder where it could have ended up, and how it could be used against us.

The airline is not the first major Australian company to have the personal details it holds about its customers stolen by hackers.

Optus and Medibank both suffered large data breaches in 2022 affecting tens of millions of Australians, leading to legal action and increased regulatory action on cyber security.

And 2024 was the worst year for data breaches in Australia since records began in 2018, according to the Office of the Australian Information Commissioner.

This year, some of the country’s largest superannuation funds have suffered significant data leaks. Now it’s Qantas, which could have been targeted in a recent spate of cyber attacks on airlines.

Like many Qantas customers, I have to wait and see what the impact could be as one of the six million whose personal details have been accessed.

Speaking to a friend who works in cyber security in Perth about this latest data breach, I got the sense it feels like fighting a losing battle to keep out the hackers who are relentless in their pursuit of our personal data for their gain.

While it’s down to companies to keep our stored data safe and secure, he said we can make it harder for hackers to access our online accounts at our end by having different passwords for different accounts.

Changing passwords regularly will help too, particularly in light of news in April that more than 31,000 banking passwords belonging to Australian customers were being traded on the dark web.

It’s not easy to remember numerous different passwords. Though we’ve previously been advised not to write them down, at least they’d be out of reach of online thieves when on paper.

There are also password manager services, which create and store encrypted passwords for subscribers, who then just need one password to access all of them.

That sounds handy, but as my friend said the problem is that the “malicious actors” are now targeting people’s password manager accounts which would give them access to all of someone’s passwords in one fell swoop. Not ideal.

Australian firm Dvuln, which discovered the 31,000 banking passwords on the dark web, said they were stolen from users’ devices, which were infected by malware called “infostealer”.

It advised keeping your device’s operating system and antivirus software up to date to help to weed out infostealers, as well as rotating passwords and using multi-factor authentication to access accounts.

My friend’s final advice? “Cash is king, and stay anonymous,” he said.

Both these tips are becoming harder to act on in today’s world, but with cyber attacks expected to become more sophisticated and intense, they are worth bearing in mind.