HAL Data Breach

[Alberta Quilter]

I was on the HAL website this morning and checked out the Coronavirus updates as well as some other things.  Just now, I went back to the HAL website and noticed another notification about a "privacy event" (right below the Coronavirus updates):  https://www.hollandamerica.com/en_US/news/public-notice-privacy-event.html  I don't believe this notification was there this morning.  Anyway, I wanted to bring it to everyone's attention so that they can monitor their credit scores as recommended by HAL.

 

 

[VMax1700]

9 minutes ago, Alberta Quilter said:

I was on the HAL website this morning and checked out the Coronavirus updates as well as some other things.  Just now, I went back to the HAL website and noticed another notification about a "privacy event" (right below the Coronavirus updates):  https://www.hollandamerica.com/en_US/news/public-notice-privacy-event.html  I don't believe this notification was there this morning.  Anyway, I wanted to bring it to everyone's attention so that they can monitor their credit scores as recommended by HAL.

 

 

Certainly was not there this morning.  Thanks for bringing it to our attention.

[1ANGELCAT]

Thanks for the information. I just emailed it to my travel agent.

[hobo1937]

Evidently Princess Cruises is also affected. Similar notice on their website. 

[TriumphGuy]

This pisses me off to no end. No excuse! None.

[nickel-and-dime-me]

They certainty are trying to downplay it as much as possible arent they?

 

"We have no reason to suspect your information is being misused".  How in the world could they provide any assurance of that?

[AncientWanderer]

Oh....how deflating.   

 

Thanks for the heads up, @Alberta Quilter

 

 

[canadianbear]

Saw this on Princess too before I saw it on HAL.  So much of this data breach going around.  Here in Canada we had a major one with Lifelabs.

[AV8rix]

Did they just post this info this morning concerning a data-breach event that apparently occurred in the timeframe of 4/11/19-7/23/19?  Or is there a more up-to-date link concerning a more recent event?

Edited March 3, 2020 by Av8rix

[Alberta Quilter]

I believe they did just post the notification of the breach that occurred last year as you note.  I didn't see that notification this morning when I checked on the coronavirus update and another poster above confirmed that it was not there this morning.

[CruisingAndDiving]

2 hours ago, Alberta Quilter said:

I believe they did just post the notification of the breach that occurred last year as you note.  I didn't see that notification this morning when I checked on the coronavirus update and another poster above confirmed that it was not there this morning.

This will be another kick in the teeth to CCL stock prices.  

 

Thanks for the heads up AQ...hopefully no one here is affected.  I did look at both Carnival and Cunard websites and couldn't see the same notification

Edited March 3, 2020 by CruisingAndDiving

[CruiserBruce]

So, cutting through the hype....this sounds like a Carnival Corp. data breach.

 

For all the cyber security experts posting here...what should they have done? Be very specific...as it might be important on your future job applications. 

[wesport]

I remember last year I had an unauthorized charge from Princess for $200. I called Chase and they immediately closed the account and sent me a new card. Very inconvenient. Now I know where it came from. 

[kazu]

Thanks for the heads up on this @Alberta Quilter.  I had been on the HAL site earlier in the day too and didn't see this notice.

Disconcerting if it is an old breach and they are just advising now.

[iwantsomesun]

Sure looks like they are using the Corona Virus to hide this notification. Geez. Happened a while back and they just post about it now? Sounds pretty low risk if it's just a matter of a few employee email accounts being compromised. I don't imagine that they are emailing around usernames/passwords. @CruiserBruce - security is a huge topic covering everything from physical security, firewalls, remote access practices, employee training on social engineering issues, etc. No one is going to reply with a detailed plan on what got missed by HAL. HAL probably responded with many pages of documentation on security enhancements to improve things, but even then, it's a constant improvement process that has no one answer.

[Queen of DaNile]

It's big news tonight. No wonder Carnival stock took another hit today. Be pro-active.

https://www.cnbc.com/2020/03/05/how-to-protect-yourself-from-princess-cruise-and-holland-america-data-hack.html

[CruiserBruce]

7 hours ago, iwantsomesun said:

Sure looks like they are using the Corona Virus to hide this notification. Geez. Happened a while back and they just post about it now? Sounds pretty low risk if it's just a matter of a few employee email accounts being compromised. I don't imagine that they are emailing around usernames/passwords. @CruiserBruce - security is a huge topic covering everything from physical security, firewalls, remote access practices, employee training on social engineering issues, etc. No one is going to reply with a detailed plan on what got missed by HAL. HAL probably responded with many pages of documentation on security enhancements to improve things, but even then, it's a constant improvement process that has no one answer.

I am very aware of how security works. The number of second guessing experts..."they should of", "no excuse" type comments show a lack of understanding of how the bad guys operate.

[thyme2go]

   Right now I'm royally PO'd with HAL for the secretive nature of this notice.   We have a trip planned within a month and today I got a notice that says NONE of my info that was inputted when I made the reservation is in their data base.   EVERYTHING..........all passport and Nexus info; emergency contacts and their info--every stinking thing of mine that HAL had-------was taken.   

Edited March 6, 2020 by thyme2go
wording

[SempreMare]

@thyme2go, could you copy & paste their letter to you about the breach here?

( MINUS your personal information of course 😉

 

re: 

 

>>  I got a notice that says NONE of my info that was inputted when I made the reservation is in their data base.   EVERYTHING..........all passport and Nexus info; emergency contacts and their info--every stinking thing of mine that HAL had-------was taken.   

[thyme2go]

SempreMare,  HAL did not send me a notice with the missing info AND the breach in one email.   I am the one who put that together as the email I received had the title "Missing  Information" which is not that unusual and I expected there to be one or two piece's of info missing........when I looked for the missing info i I discovered that everything when I made the reservation was no longer there.   

Two of us are traveling and these were the lists (slightly different) under each name.      

 

Person #1

Emergency Contact Name
Emergency Phone
Emergency Full Address
Passport Number
Country Of Passport
Issuance
Passport Issue Date
Passport Expiry Date
Invalid Travel Document
Type

 

Person #2:

Country Of Residence
Emergency Contact Name
Emergency Phone
Emergency Full Address
Citizenship
Passport Number
Country Of Passport
Issuance
Passport Issue Date
Passport Expiry Date
Country Of Birth
Invalid Travel Document
Type
Us Address While In Us

 

I don't presume to be on top of everything but it just seemed odd to me to be asking for  info that should have already been in their system..........especially after the breach.  

Edited March 6, 2020 by thyme2go

[Vict0riann]

Is that how it works?  When hackers "steal" your information they physically take it and there is nothing left in the file?

[mrmoviezombie]

Nope, that's not how it works, unless it's a ransomware attack. Where the intent is to extort money from HAL.

 

What is more likely is that HAL deleted the data themselves because they couldn't trust that the hacker hadn't modified it. Or more specifically they wiped the computers that the hacker access to. It usually simpler to hit it with a big hammer, especially when it's relatively easy to get the lost info from other "secure" sources.

[thyme2go]

Thanks mrmoviezombie for the plausable explanation...........

I didn't assume it was literally stolen but this is too weird given both things happened--security breach and empty data in my account.   I have to admit that HAL is not inspiring a lot of confidence right now............and inputting data is not fun either!

 

[VMax1700]

30 minutes ago, thyme2go said:

and inputting data is not fun either!

Specially on HAL's user-unfriendly website.

[MARLEY225]

3 hours ago, thyme2go said:

SempreMare,  HAL did not send me a notice with the missing info AND the breach in one email.   I am the one who put that together as the email I received had the title "Missing  Information" which is not that unusual and I expected there to be one or two piece's of info missing........when I looked for the missing info i I discovered that everything when I made the reservation was no longer there.   

Two of us are traveling and these were the lists (slightly different) under each name.      

 

Person #1

Emergency Contact Name
Emergency Phone
Emergency Full Address
Passport Number
Country Of Passport
Issuance
Passport Issue Date
Passport Expiry Date
Invalid Travel Document
Type

 

Person #2:

Country Of Residence
Emergency Contact Name
Emergency Phone
Emergency Full Address
Citizenship
Passport Number
Country Of Passport
Issuance
Passport Issue Date
Passport Expiry Date
Country Of Birth
Invalid Travel Document
Type
Us Address While In Us

 

I don't presume to be on top of everything but it just seemed odd to me to be asking for  info that should have already been in their system..........especially after the breach.  

Are you sure this request is actually from HAL?  I would call them direct and ask them about it.