Princess website got 'hacked'

[memoak]

Read closely it had to do with employee e-mails. You would ever send sensitive days over an e-mail

[LMaxwell]

On 3/2/2020 at 6:08 PM, bluesea321 said:

 

Hi voljeep, were you notified about this today?  I read the announcement and it states "between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access...." so I am wondering what took so long to notify affected customers.

 

Wait until there is a much bigger problem going on and then announce.  Look how little this is being discussed.  Not even a sticky on this forum.  One topic. 

[LMaxwell]

On 3/3/2020 at 9:57 AM, 1Gizmo said:

Some of questions about why did they wait so long? That notice was dated May of 2019. So it is not just being sent out.

Yes it is.  Princess just disclosed this week 

[CruiseVA]

As an ex-email admin, I've repeated this phrase many times over the past 40ish years, never, ever, send any information that you don't want exposed via email, it is inherently insecure by definition of the protocol.   

[jb008]

Reading between the lines, they notified the people affected and put out a quiet public release.

 

Why would a full fanfare press release be needed when some email accounts were compromised and the contents potentially accessed by a third-party.  Sounds like a pretty minor breach, probably passswords reused by employees and breach stems from one of the big account credential leaks from a while back. 

 

Not really news imho

[Thrak]

Likely only affects those who have a PVP. I can't see where anybody else would be involved.

[msw.delafield]

For what it's worth, this from CNBC article online today.

 

Sample Notification Letter attached

 

“We take privacy and security of personal information very seriously, and we are offering affected individuals free credit monitoring and identity theft detection services,” Carnival said in sample consumer notification letter submitted to the California attorney general.

Exhibit B - Sample Consumer Notification US-2 (Submitted).pdf

[TheRabbit]

On 3/2/2020 at 4:39 PM, Cruise Raider said:

 

I caught that 'employee email' statement ... that makes me feel better.  Whew!  

There are also phone numbers to call. Has anyone done this? I like other never put this info in an email. I have put in partials and sent the balance via another system, but never all the info into one body.

[Cruise Raider]

12 hours ago, TheRabbit said:

There are also phone numbers to call. Has anyone done this? I like other never put this info in an email. I have put in partials and sent the balance via another system, but never all the info into one body.

 

I didn't call ... never sent any information except for my booking number and sail date into an email to Princess.  I do closely monitor all my accounts.  

Of note, I also received this same notification from Holland America, but again, no sensitive information had ever been sent via email.  

[Cruise Raider]

13 hours ago, msw.delafield said:

For what it's worth, this from CNBC article online today.

 

Sample Notification Letter attached

 

“We take privacy and security of personal information very seriously, and we are offering affected individuals free credit monitoring and identity theft detection services,” Carnival said in sample consumer notification letter submitted to the California attorney general.

Exhibit B - Sample Consumer Notification US-2 (Submitted).pdf 68.29 kB · 3 downloads

 

Credit monitoring and identity theft detection is something that anyone can do on their own.  It's the repair of your credit and identity, after the fact, that is crucial, which isn't covered by this free service.  Just my 2 cents ... 

[Thrak]

15 hours ago, Cruise Raider said:

 

Credit monitoring and identity theft detection is something that anyone can do on their own.  It's the repair of your credit and identity, after the fact, that is crucial, which isn't covered by this free service.  Just my 2 cents ... 

 

My Capital One credit card does this automagically. My credit rating is always available and they also do credit monitoring.

[Cruise Raider]

10 hours ago, Thrak said:

 

My Capital One credit card does this automagically. My credit rating is always available and they also do credit monitoring.

Many  institutions do the monitoring for no charge.  No need to have another company do it ‘for free’.  

[Steelers0854]

On 3/2/2020 at 7:28 PM, Sea Hag said:

Since it was email accounts, everybody who has never sent their personal info to Princess via email ought to be fine. Ought to. In a reasonable world. I've never emailed mine, so unless Princess employees like to forward emails back and forth amongst themselves, I think I'll be fine.

 

This was likely just a CYA thing, which is why its a notice posted to their website and not a wider messaging.  Likely what happened, a couple of employees clicked links in emails they weren’t supposed to and gave the bad actor their credentials.  It wouldn’t be limited to emails that YOU sent Princess, but what those respective employees sent internally to other employees, which is much more likely (depending on their position) to contain more personal information.  That said, its likely its VERY limited information int the grand scheme of things.  Most major companies archive all employee emails, so they likely have an idea exactly what was potentially compromised and posted this to cover themselves.  Just my thoughts.  

Edited March 7, 2020 by Steelers0854