recent IT security event
(Costa Cruises, March 19 2021)
On December 25, 2020, we detected unauthorized third-party access to portions of our information technology systems. We acted quickly to shut down the unauthorized access, restore operations, and prevent further unauthorized access. A major cybersecurity firm was engaged to investigate the matter and we notified law enforcement agencies and appropriate regulators of the event.
What Information Was Involved?
While the investigation is ongoing, there is evidence that an unauthorized third-party gained access to certain systems, some of which may contain personal data relating to some of our guests, employees, and crew. The information impacted could include data routinely collected in connection with the guest travel and booking process or through the course of employment. That information may generally include names, addresses, phone numbers, passport numbers, and dates of birth. In some very limited instances, additional personal data may have been impacted. The investigation into the specific data impacted is ongoing. At this time, there is no evidence of any misuse of personal data, and there is no evidence of personal online credentials being impacted as a result of this event.
What We Are Doing.
We are working to identify the guests, employees, crew and other individuals whose personal data has been impacted. We aim to complete this process within the next 60-90 days and will then begin sending notifications, as appropriate, to individuals whose current contact information is available to the company. Where available, individuals who are notified will be offered complimentary identity protection services.
Meanwhile, we have established an e-mail hotline to answer questions regarding the event email@example.com.
As part of our ongoing operations, we are reviewing security and privacy policies and procedures and implementing changes to enhance information security and data protection controls.
What You Can Do.
Although there is no evidence of misuse of your personal data, and there is no evidence of personal online credentials being impacted as a result of this event, it is always a good idea to remain vigilant against threats of identity theft. You can do this by regularly reviewing and monitoring your account statements for any signs of unauthorized transactions or activity.
It is also always a good idea to be alert for “phishing” emails by someone who acts like they know you and asks you to click on a link or requests sensitive information over email. Given the nature of the data breach, there are steps you can take to protect yourself, including:
- changing your passwords, particularly for email and other online accounts, and enabling multi-factor authentication where possible.
- if you believe you are a victim of identity theft, reporting this to local police, asking for a police report or reference number, then contacting your financial institution to tell them what happened.
- Additionally, you can consult Europol’s tips and advice on identity theft prevention here: https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/tips-and-advice-to-prevent-identity-theft-happening-to-you.
Please note that, in connection with the above mentioned event, Costa Cruises will not contact you by telephone or by email to ask you for any personal information including your online credentials or any financial information such as credit cards numbers.
For More Information.
If you have any questions regarding this event, please contact us via email firstname.lastname@example.org.