Skip to content
Home Info & Advice

Being hacked isn’t that big a deal. What you do after, is.

What's Next

Qantas/New World/next please: Being hacked isn’t that big a deal. What you do after, is.

So, in recent times we’ve seen airline Qantas falling victim to a cyberattack which hit a third-party contact centre platform potentially exposing personal details of up to 6 million customers. On the NZ side of the ditch, New World took an arrow to the knee with a password spraying attack. Flown Qantas? Shopped New World? That means probably you’re involved. Perfect time to panic? Maybe.

Or maybe not. What’s becoming abundantly clear from this latest spate of incidents is that being hacked these days probably isn’t all that exciting or a that big of a deal. People are still shopping and flying. Instead, the response is where the mark is made, and that applies equally whether you’re Qantas, or Joe Blogs who once kangaroo hopped across the ditch.

Now, while we do advise the organisations with which we work on how they should respond, it isn’t for us to dictate to Qantas or New World. I’ll have a go at lecturing you instead, though, so keep reading.

What’s happened in the wake of these dastardly deeds? Your inbox is buzzing with worried emails from family, your colleagues are fretting about identity theft, Mum’s on the phone scared witless, lock up the children and let out the dogs.

No, actually none of that’s happened. Cutting through the noise, being “hacked” is generally nothing like catastrophe for the majority of affected customers. What’s more, your data’s probably been out there since the days of dial-up.

Does that mean a blasé ‘do nothing’ approach is enough?

Well, not quite.

Let’s break down the Qantas breach and focus on practical steps to stay secure the sensible way.

Reported in July 2025, the Qantas breach involved a third-party system, not the airline’s core databases. Customer names, contact details, and some loyalty program data may have been exposed, but no financial or credential data was compromised.

A quick detour is necessary. I’ve recently mentioned him before, but cybersecurity guru Troy Hunt would likely tell you this is just another entry in a long list of data spills. He’d also happily alert you to your compromised info; just head to Have I Been Pwned? and see for yourself.

Here’s the real talk: Your name, address, or even date of birth are probably floating around the dark web, maybe even changing hands in trade between data brokers.

Breaches are as routine as a Sydney or Auckland traffic jam. Annoying, but not the end of the world. The real risk therefore isn’t that your data’s out there; it’s what happens if you don’t act wisely.

And that’s really what you need to do after a breach like Qantas or New World. No need for panic. Understand what’s been compromised before taking drastic action (for example, no passports and no credit cards means no need to change those, avoiding major hassle). Confirm if you’re affected (Qantas says it is notifying impacted customers directly but do your own check on Troy’s site).

Next, secure your accounts. Even though Qantas didn’t report stolen passwords, now’s the time to ditch any reused ones—yes, even that “Password123” you’ve used since 2005 (in the New World case, the attack targeted weak passwords. We know who you are!) A password manager like LastPass or Bitwarden is your best mate here, generating strong, unique passwords you don’t need to memorise.

Enable MFA on every account where it’s available, preferably with an authenticator app over TXT (Note that Qantas’s MFA stopped account takeovers in its incident…it works). Keep an eye out for phishing scams; leaked data fuels fake emails or texts pretending to be from a valid service provider, urging “verification” of details, etc. Don’t click suspicious links; go straight to the official website or app to check your account.

Finally, stay proactive. Train yourself to recognise social engineering tricks: rushed requests, odd wording, or anything that feels off. And since it won’t be long until the next breach hits, just check the facts, and focus on the basics: strong passwords, MFA, and vigilance.

That’s not just a response. Instead, it’s a common-sense approach that’ll keep you secure from all but the most determined attacks.

 

 

Facebook
Twitter
LinkedIn
  • Read more

Related Posts

  • News

Remote Work Security Strategies.

The landscape of remote work has transformed dramatically over the past several years. What began as a reactive shift to keep operations going during a major global disruption has now solidified into a permanent mode of working for many organisations, especially small businesses.

Client Advisory – July 2025.

On Friday, 30th June 2025, Qantas confirmed a cyber incident affecting one of its offshore third-party contact centres. Approximately six million customer records were accessed, exposing personal information including names, contact details (email and phone number), Date of Birth and frequent flyer numbers. No financial or authentication credentials (such as passwords or card data) were determined to be accessed at this time.
  • News

The Ultimate Backup and Recovery Plan for Small Businesses.

What would happen if your business lost all its data tomorrow? Would you be able to recover, or would it grind your operations to a halt? Every small business runs on data, which includes customer information, financial records, communications, product files, and more. Yet data security often falls to the bottom of the to-do list.