In December 2020, Norwegian cruise company Hurtigruten fell victim to a ransomware attack targeting two of its vessels, *Fram* and *Midnatsol*. Hackers encrypted and stole customers' personal data, including names, dates of birth, passport numbers, email addresses, phone numbers, and, critically, medical records of passengers treated onboard between 2016 and 2020 (Midnatsol) and between 2018 and 2020 (Fram). The attack forced the company to shut down its website, disrupting operations and communications. Hurtigruten reported the incident to Norwegian authorities and the Oslo Stock Exchange, while collaborating with a newly formed cyber resilience center to contain the breach and prevent further damage. The threat actors and their motives remained unidentified, but the stolen data posed significant risks of identity theft, fraud, and privacy violations for affected customers. The incident underscored vulnerabilities in maritime cybersecurity, particularly as Norwegian organizations sought to bolster defenses against escalating cyber threats in the sector.
Source: https://www.rivieramm.com/news-content-hub/news-content-hub/hurtigruten-suffers-cyber-attack-62331
TPRM report: https://www.rankiteo.com/company/hurtigrutengroup
"id": "hur623092125",
"linkid": "hurtigrutengroup",
"type": "Ransomware",
"date": "6/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Guests of Fram (2018–2020) and '
'Midnatsol (2016–2020); medical '
'records of treated customers',
'industry': 'travel/hospitality (maritime)',
'location': 'Norway',
'name': 'Hurtigruten',
'type': 'cruise company'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (passport numbers, medical data)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'medical records (potentially)']},
'date_detected': '2020-12-13',
'description': 'In December 2020, Hurtigruten, a Norwegian cruise company, '
'suffered a ransomware attack targeting two of its vessels, '
"'Fram' and 'Midnatsol'. The attack resulted in the theft of "
"customers' personal data, including names, dates of birth, "
'passport numbers, email addresses, and phone numbers. The '
'encrypted data affected visitors who traveled onboard the '
'Fram (2018–2020) and the Midnatsol (2016–2020). Medical '
'records of customers treated during their stay on either ship '
'may also have been compromised. The company took its website '
'offline and notified authorities, including filing a '
'statement with the Oslo Stock Exchange. The threat actors and '
'their motivations remain unidentified. The incident occurred '
'amid efforts by Norwegian organizations to establish a cyber '
'resilience center for the maritime sector.',
'impact': {'brand_reputation_impact': 'Likely negative due to data breach and '
'public disclosure',
'data_compromised': ['names',
'dates of birth',
'passport numbers',
'email addresses',
'phone numbers',
'medical records (potentially)'],
'identity_theft_risk': 'High (PII and passport data exposed)',
'operational_impact': 'Website shutdown; potential disruption to '
'guest services',
'systems_affected': ['Fram vessel (2018–2020 guest data)',
'Midnatsol vessel (2016–2020 guest data)',
'company website (taken offline)']},
'initial_access_broker': {'high_value_targets': ['guest PII',
'medical records']},
'investigation_status': 'Ongoing (threat actors and motivations unidentified '
'as of report)',
'post_incident_analysis': {'corrective_actions': ['Collaboration with '
'Norwegian cyber resilience '
'center to strengthen '
'maritime sector defenses']},
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'references': [{'source': 'Public disclosure (Oslo Stock Exchange filing)'}],
'regulatory_compliance': {'regulatory_notifications': ['Oslo Stock Exchange',
'Norwegian authorities '
'(unspecified)']},
'response': {'communication_strategy': ['Public statement filed with Oslo '
'Stock Exchange',
'Authorities notified'],
'containment_measures': ['Website taken offline',
'Collaboration with Norwegian cyber '
'resilience center to prevent spread'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'title': 'Ransomware Attack on Hurtigruten Cruise Vessels (Fram and '
'Midnatsol)',
'type': 'ransomware'}