> The Qantas data, which was stolen from a Salesforce database in a major cyber-attack in June, included customers’ email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information or passport details.
Curious, what's the worst a bad actor do with name, email address, phone number and birth date?
Phishing. Super easy now to send a fake email with a great offer, and have your name and loyalty programme number right there in the email. Much easier to trick someone when your email contains a bunch of personal info that you wouldn’t assume others to have.
«Happy birthday! As a loyal Quantas customer, we would like to offer you a sneak peek of our upcoming Black Friday deals. Consider it a little birthday present from us.»
scam call you with further fake extortions like "I'm in jail mom you need to bail me out!" since they have birthdates they can target older people for this. my mom has received at least four of these calls, since I always get the "ARE YOU OK? WAS THAT A SCAM?" phone call afterwards. the first time it happened, they were about to go to the bank to wire money when dad said, "let's try calling his cell!"
we'd like to think these scams are stupid but unfortunately they work
To apply for a credit card in Australia, you need to supply at least two forms of ID, such as an Australian driver's license, passport, or Medicare card.
Do the banks actually check that the documents are legit? I'm sure your favorite LLM can generate pictures of all these documents in the blink of an eye.
Because they usually don't, and they certainly don't in Australia where it's essentially impossible. The government run IDMatch DVS can verify that the biographic information is correct, but can not verify the authenticity of the document.
This kind of fraud is not special in Australia, it happens thousands of times every single day. There is currently no way to prevent it.
The last time I applied for a credit card (about 4 years ago) in Australia, the bank used an app that read the photo page and chip of my passport to verify that it was a real document. That process does verify the authenticity of the document.
There are IDs in Australia which can be verified this way. There are also more than enough accepted IDs that can not, rendering such verification mechanisms rather pointless.
On another note, it's important to keep in mind that this is really the bank's problem. It's not something consumers should worry about.
Authenticate to phone banking in the name of a customer and request a personal loan. And in general, open a large line of credit in someone else's name.
This you can do somewhere? My bank asks me 20 questions (many like my first pet name, the last transaction I did etc) and then calls me back on the registered phone number. That data alone should get you nothing really. For credit here , small or large, you have to prove you are you or you get a nice police escort. Most of these apps, even if you are already registered, want you to tap your passport to nfc and scan your face for anything serious.
Surely name, email, phone and date of birth aren't enough to do this at any bank? That's not quite public info but near enough. I've filled that in on hundreds of forms during my life and it's info that any of my friends have.
> global data was stolen between April 2024 and September 2025 and includes personal and contact information of the companies’ customers and employees, including dates of birth, purchase histories and passport numbers.
Curious, what's the worst a bad actor do with name, email address, phone number and birth date?