Jump to content

Data Breach Announcement by Hurtigruten


Recommended Posts

Dear  guest,

We are writing to provide information on a data security incident that has affected some Hurtigruten guests’ information.  

Our investigations indicate that information for a limited number of guests having booked expedition voyages with two ships, MS Fram and MS Midnatsol, in a certain time period have been affected by the incident. For MS Fram the relevant time period is from 2018 to 2020. For MS Midnatsol the relevant time period is from 2016 to 2020. 

 

Assume anyone having sailed on the Midnatsol and Fram during those periods would have also have received this notification.

Link to post
Share on other sites

That's it????? Not asking you to get in touch with them some way? Providing the info as to how? Was that an email? We traveled on one of those ships during the described dates. And I have the same contact info as I did then. 

Link to post
Share on other sites
1 hour ago, jonikal said:

Dear  guest,

We are writing to provide information on a data security incident that has affected some Hurtigruten guests’ information.  

Our investigations indicate that information for a limited number of guests having booked expedition voyages with two ships, MS Fram and MS Midnatsol, in a certain time period have been affected by the incident. For MS Fram the relevant time period is from 2018 to 2020. For MS Midnatsol the relevant time period is from 2016 to 2020. 

 

Assume anyone having sailed on the Midnatsol and Fram during those periods would have also have received this notification.

It appears that this was back in December.

Link to post
Share on other sites
On 3/2/2021 at 2:20 AM, jonikal said:

Sorry I didn't copy and paste the entire text.  Thanks hallasm for adding the link.

But were you told to get in touch with them. And did you just get this considering it was announced in December?

Link to post
Share on other sites
17 hours ago, clo said:

But were you told to get in touch with them. And did you just get this considering it was announced in December?

This is what we received on March 3, 2021:

 

 
Dear  guest,
mail?url=http%3A%2F%2Fimage.mail.hurtigr

We are writing to provide information on a data security incident that has affected some Hurtigruten guests’ information.  

Our investigations indicate that information for a limited number of guests having booked expedition voyages with two ships, MS Fram and MS Midnatsol, in a certain time period have been affected by the incident. For MS Fram the relevant time period is from 2018 to 2020. For MS Midnatsol the relevant time period is from 2016 to 2020. 

We recently learned that your information has been affected by this incident.    

What happened? 
On December 14, 2020, we learned that an unauthorized actor gained remote access to our network and encrypted parts of our computer systems. At that time, however, we were unable to determine which guests may have been affected, if any, and what information might have been accessed. 

We immediately disabled affected computer systems, took down their internet connection to prevent any further intrusion and launched a forensic investigation to determine the nature and scope of the incident. We understand that Hurtigruten was one of many companies that was a victim of this type of intrusion.

What Information Was Involved? 
Based on our investigations, we have recently determined that your affected information involves:

  • Name and date of birth; 
  • If you were sailing with MS Midnatsol, your passport number and passport expiration date; and 
  • For some guests the affected information involves e-mail address, mailing address, and/or phone number.

Based on our investigations to date, the unauthorized actor did not gain access to your credit or debit card information, social security numbers, driver’s license numbers, or other government-issued identification card numbers. Hurtigruten does not store credit or debit card information.  

What We Are Doing? 
As noted above, we immediately took steps to contain the issue and commenced an investigation to determine the data and individuals that may have been affected. 

We reported this matter to Norwegian law enforcement and the Norwegian Data Protection Authority (since Hurtigruten is based in Norway) and the Federal Bureau of Investigation. We also notified other applicable privacy regulatory authorities.  

Over the past years we have made significant investments in data privacy and cyber security. Since this incident, we have further strengthened these efforts and our internal experts are working closely with third-party cybersecurity experts to further enhance the security of our systems and reduce the risk of a similar event happening in the future. 

What Can You Do 
On February 18, 2021, we discovered the unauthorized actor placed some of the above information on a difficult to access part of the web. We do not have any indication of actual harm to affected individuals as a result of this incident, but we still recommend you follow the enclosed additional steps that you can take to protect your personal information.

We sincerely regret any concerns or inconvenience that this incident may cause you. 

For More Information 
If you have questions or require further assistance, please contact us via one of these channels: 

Web pagehttps://www.hurtigruten.com/info/

Phone: 1 (833) 907-3030 (tollfree number). The phone line is open between 6:00 a.m. to 6:00 p.m. PST, Monday through Friday, excluding major U.S. holidays.

Sincerely, 

mail?url=http%3A%2F%2Fimage.mail.hurtigr
mail?url=http%3A%2F%2Fimage.mail.hurtigr
mail?url=http%3A%2F%2Fimage.mail.hurtigr
mail?url=http%3A%2F%2Fimage.mail.hurtigr
 
 

John Downey
President, Hurtigruten Americas
 

Link to post
Share on other sites

Thank you for sharing full text. This indicates that this information has only been sent to guests who have purchased MS Fram and MS Midnatsol voyages from the North America office - information is only available at hurtigruten.com - not on any other Hurtigruten web.  Probably to meet US / Canarian rules.

Link to post
Share on other sites
4 hours ago, hallasm said:

Thank you for sharing full text. This indicates that this information has only been sent to guests who have purchased MS Fram and MS Midnatsol voyages from the North America office - information is only available at hurtigruten.com - not on any other Hurtigruten web.  Probably to meet US / Canarian rules.

And evidently only those affected were notified. Evidently we weren't affected. Yes, thanks, @jonikal

Link to post
Share on other sites

A similar letter has been sent to people in lots of countries. We have had it on the UK. What does vary is when checking the online help associated with the relevant country. In the US they advise keeping a check on your credit rating in case someone tries to use your details.

 

In the UK, no mention of this!

 

Although credit and debit card details have not been taken, it does not mean you are safe against identity theft.

 

Lots of crew have also been affected and are not happy!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Forum Jump
    • Categories
      • Forum Assistance
      • SPECIAL EVENT: Q&A with Barbara Muckermann, CMO Silversea Cruises
      • ICYM Our Cruise Critic Live Special Event: Explore the Remote World with Hurtigruten!
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Digital Photography & Cruise Technology
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • Canadian Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...