Passengers sailing on the cruise ship Fram between 2018 and 2020 and on the cruise liner Midnatsol between 2016 and 2020 may have been impacted. Those being treated for medical conditions onboard at this time may have also had their medical information affected.
Credit and debit card information, social security numbers, driver's license numbers, and government-issued identification card numbers were not affected by this incident, said a statement published by Hurtigruten as the company also confirmed it does not store credit card or debit card numbers.
Immediately upon learning of this incident, Hurtigruten disabled the affected computer systems, took down their internet connection to prevent any further intrusion, and launched a forensic investigation to determine the nature and scope of the incident.
Hurtigruten has said in a statement that it values the information security of all customers and is currently working to resolve this situation. Hurtigruten immediately took steps to contain the issue and commenced an investigation to determine the data and individuals that may have been affected. Hurtigruten also reported this matter to Norwegian law enforcement based on the company's Oslo headquarters location and the Federal Bureau of Investigation. Hurtigruten is continuing to work with third-party cybersecurity experts to enhance the security of its systems and reduce the risk of a similar event happening in the future.
Hurtigruten is in the process of contacting customers in order to improve its cyber threat prevention, detection and response. While there is no indication of actual harm to any individuals as result of this incident, Hurtigruten does recommend taking steps to ensure personal information is safe in including monitoring accounts, set up fraud alerts, monitor personal health information, gather additional information from creditors on how to freeze accounts as needed and contact additional resources to explore fraud protection options in the future through the FTC.