Hurtigruten Reports Passenger Data Exposed in Cyberattack

cyberattack exposes cruise passenger data
Fram was one of the two cruise ships affected by this cyberattack (Hurtigruten)

Published Mar 1, 2021 5:55 PM by The Maritime Executive

Hurtigruten is reporting a breach of consumer information in the recent cyberattack the shipping company experienced in December 2020. At the time, it was believed to be a significant attack. The company had taken systems offline while it investigated.

According to the details Hurtigruten released today, an unauthorized individual encrypted the computer systems relating to two of their ships, the Fram and Midnatsol. The data impacted encompassed guests that sailed aboard the Fram between 2018 and 2020 and for guests aboard the Midnatsol between 2016 and 2020.

Based on the investigation, the personal information that might have been affected by this incident consisted of customers' names, dates of birth, passport numbers, and passport expiration dates. Customers' email addresses, mailing addresses, and/or phone numbers might also have also been affected by this incident. The company also reports that if customers were treated by a medical provider during their stay on the Fram or the Midnatsol, certain information collected by that medical provider may have been affected by this incident, such as the medical provider's notes about the affected customer's visit.

Hurtigruten, however, says it does not store credit card or debit card numbers on its servers. It also believes that social security numbers, driver's license numbers, and government-issued identification card numbers were not affected by this incident. 

In addition to the investigation launched by Hurtigruten, the situation was reported to Norwegian law enforcement and the Federal Bureau of Investigation. Hurtigruten says that it is continuing to work with third-party cybersecurity experts to enhance the security of its systems and reduce the risk of a similar event happening in the future.

Hurtigruten is in the process of contacting customers and it is recommended that the affected travelers take steps to ensure personal information is safe including monitoring accounts, setting up fraud alerts, and monitoring personal health information. The individual affect may also speak with creditors on how to freeze accounts.

The cruise industry like many other consumer segments has suffered a number of cyberattacks. In 2020, Carnival Corporation reported a ransomware attack that was believed to have exposed data from passengers and crew. Three of the corporation’s cruise line, Carnival Cruise Line, Holland America Line and Seabourn, were all believed to have been impacted as well as the company’s casino operations. Prior to that, both Holland America Line and Princess Cruises had been targets of a cyberattack.

Globally, there has been an increase in the reports of attacks with some estimates putting the cost at over $2 trillion in 2019. According to industry professionals, there has been a 300 percent increase in cyberattacks since the beginning of the Covid-19 pandemic and the shipping industry has not been spared.