Good reminder not to share your travel info on the internet

[PayneAS]

On 6/2/2024 at 2:10 PM, lazydayz said:

After all, someone from Carnival noticed something was wrong and cancelled all of the booked excursions. 

I doubt anyone from Carnival noticed it and manually cancelled all their booked excursions. I'm sure that was something automated that happened when the booking was cancelled. 

[Sea Raven]

4 hours ago, PlanoTim said:

I don’t really understand why someone would cancel someone else’s cruise like was described here.  Did the person who canceled the cruise receive a refund from Carnival somehow?  Was it an acquaintance of the cruiser with a big axe to grind?  Wouldn’t the individual that canceled the cruse want to get some benefit from doing so?  What would that benefit be?  Thanks,

Tim

They could have cancelled the current occupants to book the suite themselves or for another interested party who seized an opportunity when all the pertinent required  information was right in front of them. There is only one presidential suite to book, and possibly someone willing to get it this way.

[garycarla]

There is more to this story.

 

Surprised they did not get an cancel email.

 

Carnival offered to give all their cruise money back. They said no.

 

We are not seeing something here.

[garycarla]

You can get all of her public posts about this from FB. Just search on her name found in the news article above.

 

https://www.facebook.com/tiffanyjoannbanks

[aborgman]

28 minutes ago, garycarla said:

Carnival offered to give all their cruise money back. They said no.

 

 

No, Carnival offered a cruise credit of all of their fare. They did not offer a refund.

[papaflamingo]

On 6/3/2024 at 5:57 AM, Cruisercl said:

Why are people blaming the victims?

I don't think it's that people are blaming the victims as much as the victims are blaming Carnival which is entirely unfair.  Sounds like Carnival went well above and beyond with an offer for a full refund via future cruise credit.  That is beyond fair. 

[aborgman]

24 minutes ago, papaflamingo said:

 Sounds like Carnival went well above and beyond with an offer for a full refund via future cruise credit.  That is beyond fair. 

 

You can't offer a refund via cruise credit - credits are absolutely NOT a refund from a legal perspective.

 

As to whether or not Carnival holds any blame - that will depend on whether the courts think they:

 

1) Facilitated a 3rd party fraud. They can be found partially at fault (comparative negligence) for their security failure

 

2) Benefited from a 3rd party fraud. Did they make more money re-selling the cabin? They generally can't legally benefit from a 3rd party fraud.

[Cruisercl]

16 hours ago, vwrestler171 said:

I've canceled an NCL cruise online.  I didn't have to call in. Had a better deal on Carnival come up.

If she would accept some responsibility for her actions it would be one thing, but she is saying(at least was saying, I haven't kept up over the last week since this originally dropped), that it was all 100% on Carnival despite HER posting the booking information and then having ALL of her personal information needed to create a fake account clearly posted on her Facebook profile.  

Really? I have never been able to do this with NCL.

Can you show me where? It is not on any NCL website reservation that I have had.

Also, in the FAQs is says they need to be done by telephone.

TIA.

Edited June 4 by Cruisercl

[Journey11]

14 hours ago, Sea Raven said:

They could have cancelled the current occupants to book the suite themselves or for another interested party who seized an opportunity when all the pertinent required  information was right in front of them. There is only one presidential suite to book, and possibly someone willing to get it this way.

There are 2 Presidential Suites on the Excel Class ships.

Good Morning America did a segment on this matter this morning. Presented it as a cautionary tale about info you post on social media.

[papaflamingo]

26 minutes ago, aborgman said:

 

You can't offer a refund via cruise credit - credits are absolutely NOT a refund from a legal perspective.

 

As to whether or not Carnival holds any blame - that will depend on whether the courts think they:

 

1) Facilitated a 3rd party fraud. They can be found partially at fault (comparative negligence) for their security failure

 

2) Benefited from a 3rd party fraud. Did they make more money re-selling the cabin? They generally can't legally benefit from a 3rd party fraud.

I simply used the term "refund" for ease.  

How did Carnival "facilitate a 3rd party fraud?"  If someone gets ahold of your account numbers to your bank, or your credit card information, it's easy to get money out.  Happens all the time.  It's not the credit card company or bank's responsibility to call you every time someone who has your information accesses your account, it's YOUR responsibility to make sure you ACTIVATE higher security options (we had our info stolen in 2008, rest assured I have the highest levels of security activated). 

Carnival didn't "benefit" from the fraud, they offered a replacement cruise at full value.  The victim simply turned it down.

I'm not, of course, an attorney, sounds like you may be.  So clearly I defer to your expertise, but not really seeing how Carnival is responsible for someone's social media mistake. But let me ask you, if someone steals my credit card and charges $1000 worth of "stuff" from a company, is the company they bought it from liable to pay me back?  Is the credit card company?  Wouldn't that be "benefiting from 3rd party fraud?" 

[aborgman]

27 minutes ago, papaflamingo said:

How did Carnival "facilitate a 3rd party fraud?"  If someone gets ahold of your account numbers to your bank, or your credit card information, it's easy to get money out.  Happens all the time.  It's not the credit card company or bank's responsibility to call you every time someone who has your information accesses your account, it's YOUR responsibility to make sure you ACTIVATE higher security options (we had our info stolen in 2008, rest assured I have the highest levels of security activated). 

Carnival didn't "benefit" from the fraud, they offered a replacement cruise at full value.  The victim simply turned it down.

I'm not, of course, an attorney, sounds like you may be.  So clearly I defer to your expertise, but not really seeing how Carnival is responsible for someone's social media mistake. But let me ask you, if someone steals my credit card and charges $1000 worth of "stuff" from a company, is the company they bought it from liable to pay me back?  Is the credit card company?  Wouldn't that be "benefiting from 3rd party fraud?" 

 

 

1) How did Carnival "facilitate a 3rd party fraud?"

Well - that is up to the courts to decide... but if a company has lax enough security, and they KNOW it's a problem, and they do nothing to fix the issue - they can be liable through negligence for their failure.

 

Now - due to comparative negligence, it's almost certain the plaintiff would be partly at fault... but they can assign partial fault to both sides of the case.

 

As a corporation - if you know something is an issue - you can't just ignore it, even when you think it's the fault of the consumer (see: McDonalds Coffee case and 700+ previous incidents).

 

2) Carnival didn't "benefit" from the fraud

 

That is indeterminate. If the room getting cancelled allowed them to re-sell the room at a higher rate... they absolutely DID benefit from the fraud.

 

3) "if someone steals my credit card and charges $1000 worth of "stuff" from a company, is the company they bought it from liable to pay me back?"

 

Potentially, yes... well, to eat the loss and get no money from you or the credit card company.

 

A merchant may be held responsible for credit card fraud if they fail to follow proper security procedures or verify the legitimacy of a transaction.

 

 

Since the advent of EMV chipped credit cards -

 

1) if the card does not contain an EMV chip, the card issuer can be held liable. 

2) If the card contains an EMV chip but the merchant has not adopted EMV chip technology, the merchant can be held liable. 

3) the party with the least EMV-compliant transaction network will be responsible for the fraudulent transaction.

Edited June 4 by aborgman

[garycarla]

Okay, it appears they offered a future credit, not a refund. I get why they may not accept that.

 

BUT - there is still something missing here. Hard to even call this a scam, unless the new person in the cabin did it.  Nobody else would gain one cent from this happening.  Nothing.  Not a scam.

 

As to Carnival being at fault. Nope.  If I post my bank account info online, the bank is not at fault. Right?  Same thing here.

 

I am rather surprised that an email would not come from Carnival confirming the change in reservation status.

 

Why would someone do this?

  Maybe someone dislikes her so much, they did it.

  Maybe someone has nothing else to do and decided to  mess with her.

  Maybe someone wanted that cabin, and did it.

  Maybe Carnival messed up and cancelled it - though they say they did not.

 

Again, there is more to this story that we are not hearing about.

 

[aborgman]

8 minutes ago, garycarla said:

Okay, it appears they offered a future credit, not a refund. I get why they may not accept that.

 

BUT - there is still something missing here. Hard to even call this a scam, unless the new person in the cabin did it.  Nobody else would gain one cent from this happening.  Nothing.  Not a scam.

 

As to Carnival being at fault. Nope.  If I post my bank account info online, the bank is not at fault. Right?  Same thing here.

 

I am rather surprised that an email would not come from Carnival confirming the change in reservation status.

 

Why would someone do this?

  Maybe someone dislikes her so much, they did it.

  Maybe someone has nothing else to do and decided to  mess with her.

  Maybe someone wanted that cabin, and did it.

  Maybe Carnival messed up and cancelled it - though they say they did not.

 

Again, there is more to this story that we are not hearing about.

 

 

1) . Hard to even call this a scam, unless the new person in the cabin did it.  Nobody else would gain one cent from this happening.

 

There a couple scams that work this way:

 

a) Cancel the cruise/hotel/flight - and intercept the refund

b) Cancel the cruise/hotel/flight - and call the original purchaser pretending to be the cruise line/airline/hotel and tell them you need a credit card number (or gift cards, or...) to re-schedule their cancellation.

 

2) If I post my bank account info online, the bank is not at fault. Right? 

 

If you post your bank account info online, and the bank follows all normal security procedures - the bank is not at fault.

 

If you post your bank account info online, and the bank fails to follow all necessary and normal security procedures - the bank may be partially at fault.

[pc_load_letter]

20 hours ago, PlanoTim said:

I don’t really understand why someone would cancel someone else’s cruise like was described here.  Did the person who canceled the cruise receive a refund from Carnival somehow?  Was it an acquaintance of the cruiser with a big axe to grind?  Wouldn’t the individual that canceled the cruse want to get some benefit from doing so?  What would that benefit be?  Thanks,

Tim

 

A travel agent on /Cruise on Reddit explained it this way as she had seen it done with airline bookings....

 

The fraudster cancels the persons cruise, gets ahold of the cruiser via phone or email, then, posing as Carnival customer service, offers to rebook their cruise with a new credit card number to "confirm" the cruise. She indicated that fraudsters will also ask to have the cruise paid for with Visa gift cards, Apple pay cards etc.

 

The travel agent had indicated that she'd seen it mostly with airlines tickets but was seeing it moving to other travel experiences.

 

ETA: I talked to my wife about this who books all our trips. On our last cruise on Firenze, our traveling friends added us to their booking to ease speciality dinning reservations. I asked my wife, "do we get an email or anything notifying us of a change?". Wife said nothing is sent. IDK, seems to me that something should be sent if there is nothing to authenticate a user who can willy nilly modify your cruise.

 

Edited June 4 by pc_load_letter

[lazydayz]

4 hours ago, garycarla said:

There is more to this story.

 

Surprised they did not get an cancel email.

 

Carnival offered to give all their cruise money back. They said no.

 

We are not seeing something here.

 

No, Carnival offered them a $10,000 FCC (only after offering them two interiors on that sailing).  That is NOT the same as getting your money back.  

[papaflamingo]

5 hours ago, aborgman said:

 

 

1) How did Carnival "facilitate a 3rd party fraud?"

Well - that is up to the courts to decide... but if a company has lax enough security, and they KNOW it's a problem, and they do nothing to fix the issue - they can be liable through negligence for their failure.

 

Now - due to comparative negligence, it's almost certain the plaintiff would be partly at fault... but they can assign partial fault to both sides of the case.

 

As a corporation - if you know something is an issue - you can't just ignore it, even when you think it's the fault of the consumer (see: McDonalds Coffee case and 700+ previous incidents).

 

2) Carnival didn't "benefit" from the fraud

 

That is indeterminate. If the room getting cancelled allowed them to re-sell the room at a higher rate... they absolutely DID benefit from the fraud.

 

3) "if someone steals my credit card and charges $1000 worth of "stuff" from a company, is the company they bought it from liable to pay me back?"

 

Potentially, yes... well, to eat the loss and get no money from you or the credit card company.

 

A merchant may be held responsible for credit card fraud if they fail to follow proper security procedures or verify the legitimacy of a transaction.

 

 

Since the advent of EMV chipped credit cards -

 

1) if the card does not contain an EMV chip, the card issuer can be held liable. 

2) If the card contains an EMV chip but the merchant has not adopted EMV chip technology, the merchant can be held liable. 

3) the party with the least EMV-compliant transaction network will be responsible for the fraudulent transaction.

Again, I am not an attorney, sounds like you are, so I defer to your expertise.  But (there's always a "but"😜)

1."If a company has lax enough security, and they KNOW it's a problem, and they do nothing to fix the issue - they can be liable through negligence for their failure."  Is this a problem?  Do a lot of people have their cruises cancelled by someone at the last moment?  I doubt it.  In fact I'm willing to be this is an extremely rare if not unique situation.  So... should Carnival (or any other cruise/airline/hotel/car rental agency, etc.) have a "committee" and sit down and look at this when they designed their websites and ask themselves "gee, how do we prevent someone from using information from a social media outlet that some random passenger foolishly exposes and they use it to cancel the cruise even though there's no way they can get money or any other benefit from it?  How do we prevent that?"  I doubt it.

2. Carnival, and every other cruise line, "benefits" from last minute cancellations.  It's in their contract.  Since Carnival was fully unaware of the fraudulent cancellation, how can they be held responsible? For that matter, how does one prove someone else cancelled their cruise? The only "proof" at all is an IP address from British Columbia. BUT, I am from BC originally and have cousins and friends there.  What's to prevent me from calling one of them and getting them to cancel my cruise last minute and claim it was due someone fraudulently cancelling it? How do you prove that?

3.  "A merchant may be held responsible for credit card fraud if they fail to follow proper security procedures or verify the legitimacy of a transaction." Exactly WHAT is the "proper security procedures" that a cruise line must follow to ensure someone doesn't steal someone's  identity and cancel their cruise? 

Anyway... as I said, I'm not an attorney, just seems to be reasonable questions.  But as we all know the law doesn't always seem reasonable.  Bet it's going to be a lot harder to make any changes in your cruise once you booked at Carnival after this.  God help us if we want to change a shore excursion or dinner reservation OR even worse....cabin change.  The hoops we'll have to jump through will be never ending.....if you're correct. 

Edited June 4 by papaflamingo

[ChutChut]

8 minutes ago, papaflamingo said:

Again, I am not an attorney, sounds like you are, so I defer to your expertise.  But (there's always a "but"😜)

1."If a company has lax enough security, and they KNOW it's a problem, and they do nothing to fix the issue - they can be liable through negligence for their failure."  Is this a problem?  Do a lot of people have their cruises cancelled by someone at the last moment?  I doubt it.  In fact I'm willing to be this is an extremely rare if not unique situation.  So... should Carnival (or any other cruise/airline/hotel/car rental agency, etc.) have a "committee" and sit down and look at this when they designed their websites and ask themselves "gee, how do we prevent someone from using information from a social media outlet that some random passenger foolishly exposes and they use it to cancel the cruise even though there's no way they can get money or any other benefit from it?  How do we prevent that?"  I doubt it.

2. Carnival, and every other cruise line, "benefits" from last minute cancellations.  It's in their contract.  Since Carnival was fully unaware of the fraudulent cancellation, how can they be held responsible? For that matter, how does one prove someone else cancelled their cruise? The only "proof" at all is an IP address from British Columbia. BUT, I am from BC originally and have cousins and friends there.  What's to prevent me from calling one of them and getting them to cancel my cruise last minute and claim it was due someone fraudulently cancelling it? How do you prove that?

3.  "A merchant may be held responsible for credit card fraud if they fail to follow proper security procedures or verify the legitimacy of a transaction." Exactly WHAT is the "proper security procedures" that a cruise line must follow to ensure someone doesn't steal someone's  identity and cancel their cruise? 

Anyway... as I said, I'm not an attorney, just seems to be reasonable questions.  But as we all know the law doesn't always seem reasonable.  Bet it's going to be a lot harder to make any changes in your cruise once you booked at Carnival after this.  God help us if we want to change a shore excursion or dinner reservation OR even worse....cabin change.  The hoops we'll have to jump through will be never ending.....if you're correct. 

Good questions. Here's my take:

 

1. Does Carnival have a legal duty to take reasonable steps to ensure a passenger who posted his/her booking info on the world wide web isn't the victim of fraud? Don't know.

 

2. I think there's an equity argument here - at least in part. The passenger is a victim of alleged fraud albeit with some contributory issues of his/her own. So, the question in my mind is - is it fair/equitable for Carnival to benefit (double dip) from this fraud? Certainly, Carnival shouldn't lose money but it appears someone else booked that suite. So, should Carnival be unjustly enriched by an alleged fraud committed on one of its passengers? I would think - no.

 

3. I think this one deals with point-of-sale transactions, etc. But even if it deals with this type of situation, what, if any duty, does Carnival have to authenticate a cancellation, etc.? I don't know but it's a good question.

[kevingastreich]

On 6/2/2024 at 12:17 PM, Riemercruisin said:

This may be a dumb question. But supposedly there was an identity theft situation where someone from B.C. canceled her cruise. What would be the purpose/gain for anyone to do such a thing?

Ya, something smells fishy 

[kctwinmommy]

1 hour ago, kevingastreich said:

Ya, something smells fishy 

As others have said, she seems to be pretty open about all the things her family does. So maybe someone just didn't like her, she irritated someone, who knows. Plus, it appears she's getting a lot of air time with her story and promoting other things.

[aborgman]

14 hours ago, papaflamingo said:

Again, I am not an attorney, sounds like you are, so I defer to your expertise.  But (there's always a "but"😜)

1."If a company has lax enough security, and they KNOW it's a problem, and they do nothing to fix the issue - they can be liable through negligence for their failure."  Is this a problem?  Do a lot of people have their cruises cancelled by someone at the last moment?  I doubt it.  In fact I'm willing to be this is an extremely rare if not unique situation.  So... should Carnival (or any other cruise/airline/hotel/car rental agency, etc.) have a "committee" and sit down and look at this when they designed their websites and ask themselves "gee, how do we prevent someone from using information from a social media outlet that some random passenger foolishly exposes and they use it to cancel the cruise even though there's no way they can get money or any other benefit from it?  How do we prevent that?"  I doubt it.

2. Carnival, and every other cruise line, "benefits" from last minute cancellations.  It's in their contract.  Since Carnival was fully unaware of the fraudulent cancellation, how can they be held responsible? For that matter, how does one prove someone else cancelled their cruise? The only "proof" at all is an IP address from British Columbia. BUT, I am from BC originally and have cousins and friends there.  What's to prevent me from calling one of them and getting them to cancel my cruise last minute and claim it was due someone fraudulently cancelling it? How do you prove that?

3.  "A merchant may be held responsible for credit card fraud if they fail to follow proper security procedures or verify the legitimacy of a transaction." Exactly WHAT is the "proper security procedures" that a cruise line must follow to ensure someone doesn't steal someone's  identity and cancel their cruise? 

Anyway... as I said, I'm not an attorney, just seems to be reasonable questions.  But as we all know the law doesn't always seem reasonable.  Bet it's going to be a lot harder to make any changes in your cruise once you booked at Carnival after this.  God help us if we want to change a shore excursion or dinner reservation OR even worse....cabin change.  The hoops we'll have to jump through will be never ending.....if you're correct. 

 

 

1)  Is this a problem?  Do a lot of people have their cruises cancelled by someone at the last moment?  I doubt it.  In fact I'm willing to be this is an extremely rare if not unique situation.

 

Is this a problem? That will be up to the courts to decide in a civil case.

 

700 injury cases from billions of cups of coffee was considered often enough to be a "problem" that required the corporation to correct it. That is less than one in a million.

 

2) So... should Carnival (or any other cruise/airline/hotel/car rental agency, etc.) have a "committee" and sit down and look at this when they designed their websites and ask themselves "gee, how do we prevent someone from using information from a social media outlet that some random passenger foolishly exposes and they use it to cancel the cruise even though there's no way they can get money or any other benefit from it?  How do we prevent that?"  I doubt it.

 

Oh thank heavens you don't work in IT security.

 

Yes - they absolutely do (and should) be thinking of every possible avenue of entry and fraud... In fact PCI DSS compliance REQUIRES that they be doing those sorts of security audits.

 

3) Since Carnival was fully unaware of the fraudulent cancellation, how can they be held responsible?

 

Negligence specifically does not require intent.

 

4) What's to prevent me from calling one of them and getting them to cancel my cruise last minute and claim it was due someone fraudulently cancelling it? How do you prove that?

 

Piles and piles of REALLY basic security that is used all over the place in the IT world.

 

5) Exactly WHAT is the "proper security procedures" that a cruise line must follow to ensure someone doesn't steal someone's  identity and cancel their cruise? 

 

That will be up to the courts to decide in a civil case.

 

Generally they will look at industry best practices (hospitality industry, credit card industry, IT security industry/personal data protection), past precedent(and the "reasonable person" standard based on it), all the contract terms (and whether they're actually enforceable in a contract of adhesion), and the numerous state laws that might apply.

[papaflamingo]

19 minutes ago, aborgman said:

 

 

1)  Is this a problem?  Do a lot of people have their cruises cancelled by someone at the last moment?  I doubt it.  In fact I'm willing to be this is an extremely rare if not unique situation.

 

Is this a problem? That will be up to the courts to decide in a civil case.

 

700 injury cases from billions of cups of coffee was considered often enough to be a "problem" that required the corporation to correct it. That is less than one in a million.

 

2) So... should Carnival (or any other cruise/airline/hotel/car rental agency, etc.) have a "committee" and sit down and look at this when they designed their websites and ask themselves "gee, how do we prevent someone from using information from a social media outlet that some random passenger foolishly exposes and they use it to cancel the cruise even though there's no way they can get money or any other benefit from it?  How do we prevent that?"  I doubt it.

 

Oh thank heavens you don't work in IT security.

 

Yes - they absolutely do (and should) be thinking of every possible avenue of entry and fraud... In fact PCI DSS compliance REQUIRES that they be doing those sorts of security audits.

 

3) Since Carnival was fully unaware of the fraudulent cancellation, how can they be held responsible?

 

Negligence specifically does not require intent.

 

4) What's to prevent me from calling one of them and getting them to cancel my cruise last minute and claim it was due someone fraudulently cancelling it? How do you prove that?

 

Piles and piles of REALLY basic security that is used all over the place in the IT world.

 

5) Exactly WHAT is the "proper security procedures" that a cruise line must follow to ensure someone doesn't steal someone's  identity and cancel their cruise? 

 

That will be up to the courts to decide in a civil case.

 

Generally they will look at industry best practices (hospitality industry, credit card industry, IT security industry/personal data protection), past precedent(and the "reasonable person" standard based on it), all the contract terms (and whether they're actually enforceable in a contract of adhesion), and the numerous state laws that might apply.

Fair enough.  I do have a serious question though... in order to have canceled the cruise, it was necessary to go on the website and login to the account.  So...is a secure login considered "adequate security?"  And how did the offending party manage to get into the account to cancel the cruise?  I think the article stated that the offending party set up an account and then added the booking then cancelled it.  It doesn't discuss whether or not the victims ever established a login and registered the booking.  If not, then how would Carnival know that the person who enters all the appropriate registration data to establish an account is NOT the actual person who booked the cruise, and how would they verify this? 

We had all our identity stolen in 2008.  An attempt was made to get money from our accounts.  The thieves had managed to change our telephone service to add "remote call forwarding," and change our billing address to a different city plus cancel email notifications,  It took 2 weeks for the "change order" to be completed.  When it was, they forwarded our phones to a number in another state so that when banks, etc. contacted "us" to verify change requests or money withdrawals, etc. it would ring through via call forwarding and we would not get the call and were totally unaware of any problems (just thought we had a phone issue).  Luckily we were able to stop it before any money was withdrawn because they wanted a new credit card and needed my employee ID number for our employee credit union but didn't know it.  The Credit union knew that was "fishy" because everyone knows their employee ID number, so called us on our cell phone, so we discovered the ID theft,  but it was close. SO... who was at fault?  The phone company for making requested changes from someone who had all the info needed to verify they were me?  The banks (had they been suckered in)?   Credit card companies for issuing new cards? So if the thief used the victims ID to set up an account, then went into the account and cancelled the cruise, is Carnival still responsible? 

Guess we'll see what the courts say.  Anyway, thanks for the interesting discussion and exchange of view.  I definitely appreciate your legal comments, and they certainly add a new dimension to this for me.  Thanks. 😎

[aborgman]

5 minutes ago, papaflamingo said:

Fair enough.  I do have a serious question though... in order to have canceled the cruise, it was necessary to go on the website and login to the account.  So...is a secure login considered "adequate security?"  And how did the offending party manage to get into the account to cancel the cruise?  I think the article stated that the offending party set up an account and then added the booking then cancelled it.  It doesn't discuss whether or not the victims ever established a login and registered the booking.  If not, then how would Carnival know that the person who enters all the appropriate registration data to establish an account is NOT the actual person who booked the cruise, and how would they verify this? 

We had all our identity stolen in 2008.  An attempt was made to get money from our accounts.  The thieves had managed to change our telephone service to add "remote call forwarding," and change our billing address to a different city plus cancel email notifications,  It took 2 weeks for the "change order" to be completed.  When it was, they forwarded our phones to a number in another state so that when banks, etc. contacted "us" to verify change requests or money withdrawals, etc. it would ring through via call forwarding and we would not get the call and were totally unaware of any problems (just thought we had a phone issue).  Luckily we were able to stop it before any money was withdrawn because they wanted a new credit card and needed my employee ID number for our employee credit union but didn't know it.  The Credit union knew that was "fishy" because everyone knows their employee ID number, so called us on our cell phone, so we discovered the ID theft,  but it was close. SO... who was at fault?  The phone company for making requested changes from someone who had all the info needed to verify they were me?  The banks (had they been suckered in)?   Credit card companies for issuing new cards? So if the thief used the victims ID to set up an account, then went into the account and cancelled the cruise, is Carnival still responsible? 

Guess we'll see what the courts say.  Anyway, thanks for the interesting discussion and exchange of view.  I definitely appreciate your legal comments, and they certainly add a new dimension to this for me.  Thanks. 😎

 

 

All of these "who is at fault" questions have to be determined by courts (or contracts), and it important to remember it isn't black/white - courts can find one party 80% at fault and the other party 20% at fault.

 

 

 

 

[pc_load_letter]

It would not be hard for Carnival to implement any form of multi factor authentication for their website. When dealing with purchases of potentially thousands of dollars, I would welcome that change.

 

But doing some googling this morning, it would seem that there are a great number of laws on the books that punish the "do-er" of computer fraud but I can't find anything that holds the company liable. 

 

https://www.justice.gov/jm/jm-9-48000-computer-fraud

[aborgman]

29 minutes ago, pc_load_letter said:

It would not be hard for Carnival to implement any form of multi factor authentication for their website. When dealing with purchases of potentially thousands of dollars, I would welcome that change.

 

But doing some googling this morning, it would seem that there are a great number of laws on the books that punish the "do-er" of computer fraud but I can't find anything that holds the company liable. 

 

https://www.justice.gov/jm/jm-9-48000-computer-fraud

 

 

Look into negligence laws.

 

"As businesses are more and more getting hit with cybersecurity attacks, plaintiffs often sue under a plethora of claims seeking to recover damages and for various equitable relief. There exist many defenses to each of these theories, but this article focuses on the common law cause of action of negligence for an entity’s alleged failure to maintain adequate cybersecurity protections."

 

https://www.law.com/newyorklawjournal/2023/11/06/a-negligent-cybersecurity-breach/?slreturn=20240505120525

[pc_load_letter]

45 minutes ago, aborgman said:

 

 

Look into negligence laws.

 

"As businesses are more and more getting hit with cybersecurity attacks, plaintiffs often sue under a plethora of claims seeking to recover damages and for various equitable relief. There exist many defenses to each of these theories, but this article focuses on the common law cause of action of negligence for an entity’s alleged failure to maintain adequate cybersecurity protections."

 

https://www.law.com/newyorklawjournal/2023/11/06/a-negligent-cybersecurity-breach/?slreturn=20240505120525

 

I would imagine there are tons of loopholes.

 

I belong to San Diego's largest credit union, they do not even offer MFA\2FA for their web banking. Doubt I would be successful in any suit against them.