A major cruise operator has suffered a data breach as the travel industry battles the storm created by the COVID-19 outbreak.
Data exposed in the incident included clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies including Virgin Holidays and TUI.
DynaRisk said data relating to 29,969 travel agents was breached from the portal on the agents.ncl.eu website on March 12.
“After verifying that the data records are legitimate credentials, we notified a Norwegian Cruise Line representative immediately. Despite opening our message later that day, we received no response. After five days a representative responded to our team to discuss the breach,” said a DynaRisk spokesperson.
DynaRisk said that the incident left agents who were “already vulnerable at this time” at higher risk of cybercrime.
A DynaRisk spokesperson said: “They are now exposed to account takeovers on numerous platforms, sophisticated phishing emails and fraud, which could put further pressure on large travel agents or worse still, put smaller agents out of business.”
Norwegian Cruise Lines told Infosecurity Magazine: “It has recently come to our attention that the agents.ncl.eu website may have been compromised. In an abundance of caution, we are in the process of asking certain travel partners that may have been affected to change their password for the site and any site for which they may have used the same password, and to remain vigilant of any suspicious activity or emails.
“We believe limited personal information was involved, specifically names of travel agencies and business contact information such as business addresses and email. This appears to be a unique and isolated incident that involved only a regional travel partner portal which houses marketing materials and educational information and did not involve guest data. We are deeply committed to protecting the security and confidentiality of information and regret any concern this matter may have caused.”
Norwegian is the third cruise line this month to hit the cybersecurity headlines. Princess Cruises and Holland America Line both reported being hacked on March 2.
Attackers are always shifting their methods to stay ahead of defenders. New-school security awareness training can help your users keep up with the constantly changing threat environment, especially when more of them (or all) are working remotely.
With thanks to the Cyber Defence Alliance and Info Security magazine. The full story is here: https://www.infosecurity-magazine.com/news/norwegian-cruise-line-suffers-data/
Request Your Security Awareness Training Demo
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilise users as your last line of defence.
Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW