AIDA Cruise Ships Under Cyber Attack - Are Costa Ships Also Affected? | Cruise Law News

AIDA cruise ships, including the AIDAmar and the AIDAperla, are suffering what has been described as an “immense” IT problem, according to a German newspaper published today. Bild reports that the AIDA cruise line’s operations in its home port of Rostock, Germany have been affected by the failure of the company’s land based and shipboard telephone, computer and internet systems. Eye witnesses interviewed by the German newspaper state that “there was no internet connection from the headquarters to the ships.” The IT problems caused the company to cancel a number of cruises, including New Year’s Eve trips. At the moment due to the COVID-19 crisis, only these two Aida ships were scheduled to travel (to the Canary Islands).

The German newspaper interviewed a guest on the Carnival Corporation-owned AIDAmar who wishes to remain anonymous. He stated that “we are on the fifth day of our cruise . . . The boarding pass system has stopped working. Slips of paper are used that would otherwise be automatically debited, for example when you buy something. We learned secretly from the staff that there had been a hacker attack on the Aida servers.”

The captain of the AIDAmar reportedly announced to the ship’s passengers that there “were massive IT problems at the company’s headquarters in Rostock. All AIDA ships are affected.”

AIDA states on its Facebook page that it is currently affected by unspecified IT “technical” restrictions. “Therefore, our customers cannot reach us by phone or email . . . ” The company refuses to disclose the nature or details of its IT problems.

Crew members who wish to remain anonymous to avoid jeopardizing their employment contacted our office (see image above). One data security publication, “DataBreaches.net – the Office of Inadequate Security,” wrote “from the image of the ransom note, it appears that this is the work of DoppelPaymer threat actors.” One crew member informed us:

“What they are not telling is that the actual cause behind this issue is a cyber (ransom) attack on the networks of AIDA cruises. Networks ashore and onboard have been compromised and all ships are currently cut off from the internet.” They also suggest that the networks of COSTA Crociere and Carnival Maritime appear to be compromised as well.

At least one newspaper has reported that Costa Crociere, also owned by Carnival Corporation, is also affected by the IT problems. The blog Kreuzfahrttester reported that access to the Costa’s customer web portal was disrupted.

Carnival Corporation has not responded to our request for an explanation.

Carnival Corporation disclosed at the end of last summer that a subsidiary cruise line experienced a security breach involving the use of ransomware. In an 8-K filing with the US Securities Exchange Commission (SEC), Carnival said the incident took place on August 15th. The cyber attackers reportedly gained access to guest and employees’ personal data. Carnival refused to disclose any details about the cyber attack, such as the name of the ransomware utilized or the internal networks/brand that were impacted. It was later learned that data of guests and employees of Carnival subsidiary brands Carnival Cruise Line, Holland America Line and Seabourn were compromised in the attack.

In March, Carnival Cruise Line announced that employees on two of its cruise ships received “deceptive emails.” Employee and customer data was reportedly compromised in the apparent e-mail phishing attacks.

A year earlier, in May of 2019, Carnival-owned Princess Cruises identified a series of deceptive (phishing) emails sent to its employees resulting in unauthorized third-party access to some employee email accounts.

Earlier this month, the Ship Technology magazine published an article titled Cybersecurity: Is the Cruise Industry Prepared? The magazine outlined prior cruise ship cyber security problems and explained that recent cyber attacks could be linked to the Covid-19 pandemic. “With offices closed, most have been forced to work from home on unsecured networks, offering little defense against attackers.”

Have a comment or question? Please leave one below or join the discussion on our Facebook page.