This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. To find out more about the cookies we use, see our privacy policy

Norwegian data breach: the cyber security impact of Coronavirus

As the number of cases of Coronavirus continue to grow, governments across the world are taking drastic measures to protect citizens. Italy and Spain have entered lockdown, Germany has closed its borders, New York City has closed its schools and the UK is continuing to monitor cases with talks of border closures in the future. Amidst the uncertainty, stock markets are fluctuating and it’s unknown as to when life might return to normal.

A pandemic like this has far-reaching and long-term implications for businesses, and one industry currently experiencing huge losses is travel. With fewer people travelling and more countries going into lock-down, the next few months will prove devastating to some operators. DynaRisk’s intelligence team has identified a number of travel companies at risk including Norwegian Cruise Lines; hackers breached a portal used by travel agencies all over the world, exposing nearly 27,000 user emails and passwords. 

Norwegian Cruise Line data breach

On 13 March 2020, DynaRisk’s intelligence team discovered a breached database belonging to Norwegian Cruise Line. After verifying that the data records are legitimate credentials, we notified a Norwegian Cruise Line representative immediately. Despite opening our message later that day, we received no response.  After five days a representative responded to our team to discuss the breach; as yet, we do not know if the travel agents on the list have been notified of the breach.


The breached list was shared on a hacking forum on March 13th


The data was breached from Norwegian’s travel agent portal on the 12th of March and contains information belonging to nearly 27,000 travel agents who use the cruise line’s websites. The information included clear text passwords and email addresses used to login to the portal and concerns agents working for companies including TUI and Virgin Holidays.


NCL's travel agent portal that was breached by hackers


Specifically, the file contains 29,969 data records, 24,602 of which are unique. Already vulnerable at this time, the travel agents on the list are at higher risk of cyber crime. They are now exposed to account takeovers on numerous platforms, sophisticated phishing emails and fraud which could put further pressure on large travel agents or worse still, put smaller agents out of business.


A screenshot of a computer

Description automatically generated
A sample of the data breached concerning Virgin Holidays travel agents

While we cannot comment on whether this breach happened as a result of the Coronavirus outbreak, companies defences may be lacking right now – either as a result of a reduced workforce or being inundated with security issues. This will certainly apply to the travel industry over the coming months, therefore it’s important for both management and individual employees to play their part in protecting the business.


Travel – what’s happening?

In recent weeks, flights have been turned around mid-air in a bid to keep the virus contained. The Guardian has put together a list that summarises current travel restrictions and the measures individual countries have put in place. 

A well as disruption to flights, a number of cruise ships were quarantined and refused permission to berth in a bid to control outbreaks onboard. For several days in February, the Diamond Princess which was put into isolation in Yokohama Port, Japan, after isolated Coronavirus cases were detected on board. It was the second-largest outbreak site for Coronavirus in the world, behind mainland China. During a two-week enforced quarantine, nearly 700 people on board were infected, and seven died. 

As a result, some cruise lines are suspending all cruises until April – a decision that will have long-term financial implications. One company currently under fire for attempting to mislead potential customers is Norwegian Cruise Line; leaked emails show managers asking sales staff to lie to customers that are ‘on the fence’. One such lie was that Coronavirus is not a concern in warm Caribbean climates. While some scientists believe that the virus may be less successful in warmer months, this is based on the behaviour of similar viruses and has yet to be proven for Coronavirus specifically.


Coronavirus: implementing a cyber security strategy

If not in place already, every company regardless of size should have a strategy to help cope with current strains. Hackers are already targeting people’s reliance on digital tools and we have spotted a number of sophisticated Coronavirus-specific phishing scams. To protect your workforce, we recommend…

  1. If staff are working remotely, follow our top tips to ensure cyber hygiene practices are maintained at home.
  2. Send staff official updates about the virus from a trusted internal email address. Make it known that this is an official communication and ask staff to thoroughly check sources before opening emails, clicking on links or downloading files. We have a thorough guide to spotting phishing emails here and tips on spotting malicious websites here.
  3. During times of increased isolation, people will be spending more time online. This could result in dangerous online behaviours such as streaming from risky websites, opening phishing emails or visiting malicious websites. Remind your staff to use their devices carefully, especially if the same devices are being used to carry out their jobs.
  4. Monitor your employee data with DynaRisk. We can alert staff if we discover their information has been breached or leaked online and offer remedial advice to secure their accounts. We are offering our Ultimate plan FREE for 30 days to help businesses secure their employees working remotely. Select our Ultimate plan here and use code WORKREMOTE to get started.


By reminding employees to be vigilant and follow stringent online safety guidelines, your workforce can remain protected. For further advice on cyber security and ways you can protect your business, contact us today.