Norwegian’s Travel Agents Portal Breached
On 13 March 2020, DynaRisk’s intelligence team found a breached database belonging to Norwegian. The data in question is related to travel agents who use Norwegian’s travel agent portal. DynaRisk says that they notified Norwegian immediately upon verifying the legitimacy of the data records. However, it took days to receive a response despite the initial message being opened later that day. After five days, a representative responded to the cybersecurity team to discuss the breach. At the moment, the portal is “temporarily unavailable”. No further explanation is given on the portals’ home page.
Clear Text Passwords and Emails Involved
The information leaked included clear text passwords and email addresses the travel agents used to login to Norwegian’s portal. The addresses belong to travel agents working for major leisure, travel and tourism companies, such as Hays Travel, Co-operative Travel, TUI and Virgin Holidays. On 18 March, DynaRisk contacted several of the travel agents. The breach did not involve guest data, but is – again – a stern reminder for companies to properly secure databases and for everyone to use 2-factor authentication wherever possible as well as unique and strong passwords. This is to prevent cybercriminals from using breached email addresses and passwords to login to different platforms where the same credentials have been used.
Even More Vulnerable
The data breach leaves agents that are already vulnerable at this time due to the coronavirus outbreak at an even higher risk of cybercrime. This is because the data breach makes them more vulnerable to account takeovers, sophisticated phishing emails, and fraud. Norwegian is the third cruise liner that made cybersecurity headlines this month. In early March, Princess Cruises confirmed a data breach that also had an impact on Holland America Line. Both are owned by the same parent company, Carnival Corporation.