[BreachExchange] Cruise Line Hack Exposes Personal and Financial Data

Destry Winant destry at riskbasedsecurity.com
Thu Mar 5 10:12:51 EST 2020


https://cruiseradio.net/cruise-line-hack-exposes-personal-and-financial-data/

Princess Cruises has announced that a hacker managed to gain access to
“some” employee E-mail accounts and, as a result, some passenger
information was obtained.

How They Fell Victim To The Cyber Attack

“In late May 2019,” says a press release, “Princess Cruises identified
a series of deceptive E-mails sent to employees resulting in
unauthorized third-party access to some employee E-mail accounts. The
company acted quickly to shut down the attack and prevent further
unauthorized access. It also retained a major cybersecurity firm to
investigate the matter while reinforcing security and privacy
protocols to further protect systems and information.”

While Princess does not go into detail, the type of attack described
is most like what is commonly known as phishing.

This type of attack involves an E-mail that looks legitimate, but is
actually being used in an attempt to gain access to information.

How You Could Be Impacted

“The investigation revealed unauthorized third-part access to certain
E-mail accounts containing employee and guest personal information,”
continued the release, “including names, Social Security numbers,
government identification number, such as passport numbers, national
identity card numbers, credit card, and financial account information,
and health-related information.”

In other words, the hack managed to obtain all of the information a
passenger would provide to a cruise line during the booking process.

Princess says that they “notified law enforcement of the incident and
are notifying affected individuals where possible.”

It’s unclearly, however, why so much time lapsed between the time of
the incident and their notification of the public.

Although the company says “there is currently no indication of any
misuse of this information,” they are offering to pay for credit
monitoring and identity protection services to all those impacted.
Those with questions related to the breach are asked to call
1-833-719-0091 if within the United States, or 1-936-215-6456 if
calling internationally.


More information about the BreachExchange mailing list