Viking Line Confirms Data Breach via Third-Party Supplier
Viking Line, a ferry operator, has reported a data breach affecting customer information after a security incident at a third-party subcontractor responsible for pre-order services, including onboard purchases and reservations. The breach was discovered earlier this week.
Finnish media outlets, including Yle, Iltalehti, and Hufvudstadsbladet, report that the exposed data includes advance booking details and potentially passenger personal information. The threat actor "bytetobreach" has claimed responsibility on dark web forums, alleging access to a full passenger database including vehicle registration plates and payment transaction records linked to onboard services via the NetAxept API. Samples of the data were reportedly made available for free download.
Viking Line has assembled a large internal team, working with external experts, to investigate the incident. While the company described the leaked information as limited, it confirmed that certain traveler data was exposed. Swedish communications chief Eleonora Hult din stated that operations remain unaffected, with no evidence suggesting the breach impacted core booking systems or ongoing voyages.
Source: https://www.shippax.com/en/news/viking-line-hit-by-data-breach.aspx
Viking Line cybersecurity rating report: https://www.rankiteo.com/company/viking-line
"id": "VIK1773312326",
"linkid": "viking-line",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Passengers with advance '
'bookings',
'industry': 'Ferry Operations',
'location': 'Finland/Sweden',
'name': 'Viking Line',
'type': 'Company'}],
'attack_vector': 'Third-Party Supplier Compromise',
'data_breach': {'data_exfiltration': 'Yes (samples available for free '
'download on dark web)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information and payment data)',
'type_of_data_compromised': ['Advance booking details',
'Passenger personal information',
'Vehicle registration plates',
'Payment transaction records']},
'description': 'Viking Line, a ferry operator, reported a data breach '
'affecting customer information after a security incident at a '
'third-party subcontractor responsible for pre-order services, '
'including onboard purchases and reservations. The breach '
'exposed advance booking details and potentially passenger '
"personal information. The threat actor 'bytetobreach' claimed "
'responsibility on dark web forums, alleging access to a full '
'passenger database including vehicle registration plates and '
'payment transaction records linked to onboard services via '
'the NetAxept API.',
'impact': {'data_compromised': 'Advance booking details, passenger personal '
'information, vehicle registration plates, '
'payment transaction records',
'identity_theft_risk': 'Potential',
'operational_impact': 'No impact on core booking systems or '
'ongoing voyages',
'payment_information_risk': 'Potential',
'systems_affected': 'Third-party pre-order services (NetAxept '
'API)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Alleged (samples '
'available)',
'entry_point': 'Third-party subcontractor '
'(pre-order services)'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Yle'},
{'source': 'Iltalehti'},
{'source': 'Hufvudstadsbladet'}],
'response': {'communication_strategy': 'Public disclosure via media outlets',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Yes (external experts)'},
'threat_actor': 'bytetobreach',
'title': 'Viking Line Data Breach via Third-Party Supplier',
'type': 'Data Breach'}