To remind, as a result of the cyberattack, the company’s systems and phones were offline.
However, immediately upon learning of this incident, Hurtigruten disabled the affected computer systems, took down the internet connection to prevent any further intrusion, and launched a forensic investigation to determine the nature and scope of the incident.
“Based on our investigation, the personal information that might have been affected by this incident consisted of affected customers’ – names, dates of birth, passport numbers and passport expiration dates. Affected customers’ email addresses, mailing addresses, and/or phone numbers might also have been affected by this incident”.
…the company said in a press release.
As further explained, credit and debit card information, social security numbers, driver’s license numbers, and government-issued identification card numbers were not affected by this incident.
If affected customers were treated by a medical provider during their stay on the MS Fram or the MS Midnatsol, certain information collected by that medical provider may have been affected by this incident, such as the medical provider’s notes about the affected customer’s visit.
“Hurtigruten values the information security of all customers and is currently working to resolve this situation. Hurtigruten immediately took steps to contain the issue and commenced an investigation to determine the data and individuals that may have been affected”.
Concluding the company is continuing to work with third-party cybersecurity experts to enhance the security of their systems and reduce the risk of a similar event happening in the future.