Norwegian Cruise Line is an American cruise line headquartered in Miami and incorporated in Bermuda. It was founded in 1966 and is in the world’s top three most prominent cruise lines by customer number.
The breach was the easy access of customer information on one of Norwegian’s systems. The hackers accessed usernames and clear-text passwords, resulting in almost 30,000 victims.
The breach occurred when hackers accessed Norwegian Cruise Lines’ internal system, seemingly siphoning out information and selling it on the dark web. DynaRisk, a cyber security tool provider, discovered the data sale a few days after its occurrence. The company sent a message to Norwegian, which was not responded to until five days after its reception. “Despite opening our message later that day, we received no response. After five days a representative responded to our team to discuss the breach,” said DynaRisk.
This breach occurred on March 12th, 2020.
The breach impacts specific Norwegian customers. These people received notifications from Norwegian asking them to change their passwords. “In an abundance of caution, we are in the process of asking certain travel partners that may have been affected to change their password for the site and any site for which they may have used the same password, and to remain vigilant of any suspicious activity or emails,” stated a Norwegian spokesperson.
The breach affects 29,969 files and individuals. Some of these were simply partners of the cruise line and had not been users.