Jump to content
Cruise Critic Community
voljeep

Princess website got 'hacked'

Recommended Posts

Read closely it had to do with employee e-mails. You would ever send sensitive days over an e-mail

Share this post


Link to post
Share on other sites
On 3/2/2020 at 6:08 PM, bluesea321 said:

 

Hi voljeep, were you notified about this today?  I read the announcement and it states "between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access...." so I am wondering what took so long to notify affected customers.

 

Wait until there is a much bigger problem going on and then announce.  Look how little this is being discussed.  Not even a sticky on this forum.  One topic. 

Share this post


Link to post
Share on other sites
On 3/3/2020 at 9:57 AM, 1Gizmo said:

Some of questions about why did they wait so long? That notice was dated May of 2019. So it is not just being sent out.

Yes it is.  Princess just disclosed this week 

Share this post


Link to post
Share on other sites

As an ex-email admin, I've repeated this phrase many times over the past 40ish years, never, ever, send any information that you don't want exposed via email, it is inherently insecure by definition of the protocol.   

Share this post


Link to post
Share on other sites

Reading between the lines, they notified the people affected and put out a quiet public release.

 

Why would a full fanfare press release be needed when some email accounts were compromised and the contents potentially accessed by a third-party.  Sounds like a pretty minor breach, probably passswords reused by employees and breach stems from one of the big account credential leaks from a while back. 

 

Not really news imho

Share this post


Link to post
Share on other sites

Likely only affects those who have a PVP. I can't see where anybody else would be involved.

Share this post


Link to post
Share on other sites

For what it's worth, this from CNBC article online today.

 

Sample Notification Letter attached

 

“We take privacy and security of personal information very seriously, and we are offering affected individuals free credit monitoring and identity theft detection services,” Carnival said in sample consumer notification letter submitted to the California attorney general.

Exhibit B - Sample Consumer Notification US-2 (Submitted).pdf

Share this post


Link to post
Share on other sites
On 3/2/2020 at 4:39 PM, Cruise Raider said:

 

I caught that 'employee email' statement ... that makes me feel better.  Whew!  

There are also phone numbers to call. Has anyone done this? I like other never put this info in an email. I have put in partials and sent the balance via another system, but never all the info into one body.

Share this post


Link to post
Share on other sites
12 hours ago, TheRabbit said:

There are also phone numbers to call. Has anyone done this? I like other never put this info in an email. I have put in partials and sent the balance via another system, but never all the info into one body.

 

I didn't call ... never sent any information except for my booking number and sail date into an email to Princess.  I do closely monitor all my accounts.  

Of note, I also received this same notification from Holland America, but again, no sensitive information had ever been sent via email.  

Share this post


Link to post
Share on other sites
13 hours ago, msw.delafield said:

For what it's worth, this from CNBC article online today.

 

Sample Notification Letter attached

 

“We take privacy and security of personal information very seriously, and we are offering affected individuals free credit monitoring and identity theft detection services,” Carnival said in sample consumer notification letter submitted to the California attorney general.

Exhibit B - Sample Consumer Notification US-2 (Submitted).pdf 68.29 kB · 3 downloads

 

Credit monitoring and identity theft detection is something that anyone can do on their own.  It's the repair of your credit and identity, after the fact, that is crucial, which isn't covered by this free service.  Just my 2 cents ... 

Share this post


Link to post
Share on other sites
15 hours ago, Cruise Raider said:

 

Credit monitoring and identity theft detection is something that anyone can do on their own.  It's the repair of your credit and identity, after the fact, that is crucial, which isn't covered by this free service.  Just my 2 cents ... 

 

My Capital One credit card does this automagically. My credit rating is always available and they also do credit monitoring.

Share this post


Link to post
Share on other sites
10 hours ago, Thrak said:

 

My Capital One credit card does this automagically. My credit rating is always available and they also do credit monitoring.


Many  institutions do the monitoring for no charge.  No need to have another company do it ‘for free’.  

Share this post


Link to post
Share on other sites

My PII has been hacked by everyone. Remember the government laptop with the security backgrounds on thousands of federal employees that was stolen? Yep, lucky me. I was notified (along with every co-worker I had) that my information had indeed been shared with some nefarious entities and here are some links to sites that can help you should you encounter identity theft....

 

I don't even count anymore all the notifications from other places (even a travel agency!) whose systems had been hacked. None was as damaging as the theft of that DoD laptop.

Share this post


Link to post
Share on other sites
Posted (edited)
On 3/2/2020 at 7:28 PM, Sea Hag said:

Since it was email accounts, everybody who has never sent their personal info to Princess via email ought to be fine. Ought to. In a reasonable world. I've never emailed mine, so unless Princess employees like to forward emails back and forth amongst themselves, I think I'll be fine.

 

This was likely just a CYA thing, which is why its a notice posted to their website and not a wider messaging.  Likely what happened, a couple of employees clicked links in emails they weren’t supposed to and gave the bad actor their credentials.  It wouldn’t be limited to emails that YOU sent Princess, but what those respective employees sent internally to other employees, which is much more likely (depending on their position) to contain more personal information.  That said, its likely its VERY limited information int the grand scheme of things.  Most major companies archive all employee emails, so they likely have an idea exactly what was potentially compromised and posted this to cover themselves.  Just my thoughts.  

Edited by Steelers0854

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Forum Jump
    • Categories
      • Forum Assistance
      • SPECIAL EVENT: Q&A with the Quark Expeditions Team!
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Digital Photography & Cruise Technology
      • Member Cruise Reviews
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...