Update: Cunard Data Breach Exposes 1,200-Plus Cruise Passengers

June 26, 2012

(7:30 a.m. EDT) -- Cunard has been forced to shut down its online booking system for guests after accidentally sending personal information of more than 1,200 passengers to an undisclosed number of people who are registered on the system.

Cruise Critic first became aware of the breach when member davyjones posted on the message boards that he'd received an e-mail with a spreadsheet attachment containing the contact information of 1,225 Cunard passengers. The information in the spreadsheet included booking reference numbers, names and email addresses.

Passport information was not sent out, a Cunard spokeswoman confirmed. However, it would theoretically be possible to access individuals' passport information using the booking reference numbers, names and email addresses.

Davyjones wrote: “This information would allow me to see all the information such as address, contact number and passport information that you need to enter before your cruise.”

Cunard spokeswoman Jackie Chase confirmed the mishap to Cruise Critic. "Cunard can confirm that an e-mail was sent in error to some guests containing details relating to other guests' bookings. We took swift action to close down the check-in system, Voyage Personalizer, until we are able to re-issue new secure log-in details to all affected guests. We are very sorry if this error has caused our guests any concern and we would like to reassure them that the issue has been dealt with and we are in the process of contacting relevant guests with new, secure log-in."

Cunard added in a statement: “We are taking steps to ensure that this could not happen again.”

Cruise Critic member bluemarble was among those who received notification that his booking number was being changed. He received an "Emergency Notification Urgent" e-mail stating, "Due to system issues, we will be issuing a new Booking Number for the booking referenced in this notification. Within 48 hours you will receive a new Booking Confirmation with a new Booking Number… We apologize for any inconvenience this may cause."

The e-mail did not indicate whether or not bluemarble's contact information had been shared with other guests.

Though it is expected that cruise lines will keep their passengers' information safe, the lines' terms and conditions are written to protect them in circumstances such as this.

Cunard's legal and privacy policy states: "Cunard Line cannot guarantee the security of any information you transmit to us or from our site, and therefore you use our site at your own risk."

Cunard would not disclose how many people the email was sent to nor how the e-mail with the attachment was originally sent.

Passengers could be compensated as a result of the mishap, depending on circumstances. A line spokeswoman said: "We do not anticipate that any of our guests will suffer loss as a result of this error, but if they do they should contact us straightaway to make us aware of the circumstances."

Passport information can be used for identify theft, so anyone who believes their information was shared may want to contact the U.S. Bureau of Consular Affairs or the U.K.'s Information Commissioner's Office, which delas with data protection.

--by Dori Saltzman, News Editor