Jump to content
Cruise Critic Community

Good reminder not to share your travel info on the internet

kctwinmommy
 Share

Recommended Posts

SwordBlazer Cruising

SwordBlazer Cruising

Posted
Posted
1 hour ago, aborgman said:

 

That is largely irrelevant.

 

They are basically two separate things -  no matter how stupid the customer is, the company is still required to meet certain minimum requirements security wise.

 

Citibank is currently being sued by the State of New York for something very similar:

 

"Defendant has violated New York Executive Law § 63(12) by engaging in repeated and persistent illegal conduct by:

 

- failing to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of consumers’ financial account information.

 

- failing to maintain a data security program that is appropriately designed to detect, prevent, and mitigate identify theft in response to red flags indicative of possible identity theft."

 

...but hey - Citi regularly claims they don't need to do anything because:

 

“You did not take adequate steps to safeguard your account. This failure compromised the security of your account information and directly contributed to allowing the transaction(s) in question to take place.”

 

Lets play devils advocate here. How was her booking information retrieved. By someone hacking into her cruise line account or by someone viewing her social media? Do we have concrete, detailed information? Having a SSL security issue on your domain is vastly different than someone going to a computer and entering your confirmation and booking information obtained from a public posting. So no, it's not irrelevant. 

  • Like 3
Link to comment
Share on other sites
aborgman Great Review Rare

aborgman

Posted
Posted
15 hours ago, SwordBlazer Cruising said:

Lets play devils advocate here. How was her booking information retrieved. By someone hacking into her cruise line account or by someone viewing her social media? Do we have concrete, detailed information? Having a SSL security issue on your domain is vastly different than someone going to a computer and entering your confirmation and booking information obtained from a public posting. So no, it's not irrelevant. 

 

Again - even if the customer did everything wrong in securing their information, the retailer can also be at fault for failure to have adequate security. One parties failure does not excuse the other parties failure if it exists.

 

 

 

 

  • Like 1
Link to comment
Share on other sites
SwordBlazer Cruising

SwordBlazer Cruising

Posted
Posted (edited)
7 hours ago, aborgman said:

 

Again - even if the customer did everything wrong in securing their information, the retailer can also be at fault for failure to have adequate security. One parties failure does not excuse the other parties failure if it exists.

 

 

 

Edited by SwordBlazer Cruising
Link to comment
Share on other sites
SwordBlazer Cruising

SwordBlazer Cruising

Posted
Posted (edited)
1 minute ago, SwordBlazer Cruising said:

How do we know there was a security flaw on the side of the cruise line. If I give my 4 digit pin # to my debit card to someone and tell them the bank I do business with and they withdraw cash from the ATM, that's not a security flaw on the merchants behalf. Its

 a customer that was not responsible for his /her actions.  

 

Edited by SwordBlazer Cruising
Link to comment
Share on other sites
BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted
7 hours ago, aborgman said:

 

Again - even if the customer did everything wrong in securing their information, the retailer can also be at fault for failure to have adequate security. One parties failure does not excuse the other parties failure if it exists.

 

 

 

 

A flaw in the system 

Link to comment
Share on other sites
aborgman Great Review Rare

aborgman

Posted
Posted
31 minutes ago, SwordBlazer Cruising said:

 

 

"How do we know there was a security flaw on the side of the cruise line. "

We don't - that would be up to the courts to decide... but the mere fact that the customer screwed up does not in any way excuse potential negligence by the cruise line. Both can be at fault.

 

"If I give my 4 digit pin # to my debit card to someone and tell them the bank I do business with and they withdraw cash from the ATM, that's not a security flaw on the merchants behalf."

Correct - but if you give your checkbook to someone and tell them the bank you do business with, and they withdraw cash from the bank, and the bank does not adequately check and make sure it is you... that IS a security flaw on the banks behalf which they are responsible for.

 

If it turned out the bank had an ATM which didn't bother to ask for a PIN - that would be a security flaw that would make the bank liable.

 

If it turned out the person went inside and handed a teller the card to make a withdrawal, and the teller failed to verify the person making the withdrawals identity - that would be a security flaw that would make the bank liable.

 

For example, in the past (not true anymore) -

 

If someone stole your credit card and the vendor did adequate security, then the credit card company got hit with the fraudulent charge.

 

If someone stole your credit card and the vendor did not do adequate security, then the credit card company would not pay the fraudulent charge and the vendor would get hit with the fraudulent charge.

Link to comment
Share on other sites
SwordBlazer Cruising

SwordBlazer Cruising

Posted
Posted
7 minutes ago, aborgman said:

 

"How do we know there was a security flaw on the side of the cruise line. "

We don't - that would be up to the courts to decide... but the mere fact that the customer screwed up does not in any way excuse potential negligence by the cruise line. Both can be at fault.

 

"If I give my 4 digit pin # to my debit card to someone and tell them the bank I do business with and they withdraw cash from the ATM, that's not a security flaw on the merchants behalf."

Correct - but if you give your checkbook to someone and tell them the bank you do business with, and they withdraw cash from the bank, and the bank does not adequately check and make sure it is you... that IS a security flaw on the banks behalf which they are responsible for.

 

If it turned out the bank had an ATM which didn't bother to ask for a PIN - that would be a security flaw that would make the bank liable.

 

If it turned out the person went inside and handed a teller the card to make a withdrawal, and the teller failed to verify the person making the withdrawals identity - that would be a security flaw that would make the bank liable.

 

For example, in the past (not true anymore) -

 

If someone stole your credit card and the vendor did adequate security, then the credit card company got hit with the fraudulent charge.

 

If someone stole your credit card and the vendor did not do adequate security, then the credit card company would not pay the fraudulent charge and the vendor would get hit with the fraudulent charge.

Your going so far off topic here pal. At the end of the day, that cruise guest is at fault, she did not protect her booking information and whoever took her booking information followed the correct path to alter the booking and cancel it. You're not going to win this argument nor will she. She is an irresponsible consumer, full stop. I am done going back and forth with your copy and paste wikipedia responses. 

Link to comment
Share on other sites
aborgman Great Review Rare

aborgman

Posted
Posted
40 minutes ago, SwordBlazer Cruising said:

Your going so far off topic here pal. At the end of the day, that cruise guest is at fault, she did not protect her booking information and whoever took her booking information followed the correct path to alter the booking and cancel it. You're not going to win this argument nor will she. She is an irresponsible consumer, full stop. I am done going back and forth with your copy and paste wikipedia responses. 

 

The cruise guest is at fault.

 

Carnival could potentially also be at fault, if a court were to find their security too lax.

 

That is highly unlikely - because Carnival's lax security is pretty much hospitality industry standard. Adhering to industry standards is no guarantee, it carries very significant weight.

 

 

Link to comment
Share on other sites
BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted (edited)
6 minutes ago, aborgman said:

 

The cruise guest is at fault.

 

Carnival could potentially also be at fault, if a court were to find their security too lax.

 

That is highly unlikely - because Carnival's lax security is pretty much hospitality industry standard. Adhering to industry standards is no guarantee, it carries very significant weight.

 

 

If a frog had wings it wouldn't bump its a**** So many hypotheticals.

 

The 500 million or so records stolen in the Ticketmaster breach is going to be more interesting.

Edited by BlerkOne
Link to comment
Share on other sites
aborgman Great Review Rare

aborgman

Posted
Posted
1 minute ago, BlerkOne said:

If a frog had wings it wouldn't bump its a**** So many hypotheticals.

 

The 500 million or so records stolen in the Ticketmaster breach is going to be more interesting.

 

Hypotheticals we've seen burn numerous other industries... Who had significantly better security than the joke that is standard in the hospitality industry.

 

It's coming for the hospitality industry. A hotel/airline/cruise line is eventually going to get burned in court if they continue with this laughable level of security that's weaker than the security to get a library card.

Link to comment
Share on other sites
BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted
On 6/13/2024 at 2:16 PM, aborgman said:

 

Apparently she has - latest I've seen is the Florida AG is investigating.

 

...and this is not extortion under US federal law, or any US states law.

I didn't see that (and still don't). I see where she says the Florida AG reached out to her - whatever that means. I still don't see where Carnival or the Florida AG has said anything about her allegations. It is all one sided from her.

Link to comment
Share on other sites
CoasterGuy

CoasterGuy

Posted
Posted
On 6/6/2024 at 10:25 PM, Cruising_Addict said:


Or you can just make your social media page private and only “friend” people you actually know. It’s really simple to do. 

 

That's still not enough, Someone you trust can still not be all that trustworthy and take a screenshot and share with others you dont want the info shared with. Or worse yet, use the info in a nefarious way themselves. 

Link to comment
Share on other sites
aborgman Great Review Rare

aborgman

Posted
Posted
20 hours ago, aborgman said:

 

It's coming for the hospitality industry. A hotel/airline/cruise line is eventually going to get burned in court if they continue with this laughable level of security that's weaker than the security to get a library card.

 

...and it looks like the industry standard is changing - American Airlines is in the process of rolling MFA for accounts, United is piloting MFA, Disney has been doing MFA for two years, AirBNB and Booking.com have had MFA since 2018...

 

"Of the 55 top travel booking websites Dashlane tested —which included all of the major U.S. airlines, rental car and cruise companies—only apartment/housing rental site Airbnb received top marks for its data security policies...

 

...But a staggering 89% of the travel sites tested failed"

Link to comment
Share on other sites
vwrestler171

vwrestler171

Posted
Posted

I think Carnival knows there is an issue or they would not have offered the cruise, plus $10k FCC(Her words).  Her refusing that offer shows that she wants a lot more which has skewed a lot of sympathy from her.  She wants Carnival to refund 100% PLUS the money she spent on a different vacation.  She also refuses to accept any responsibility for her error.  Yes there can be an error on Carnivals site, but she also committed a huge error.  Carnival attempted to make it right and she refused.

Link to comment
Share on other sites
SwordBlazer Cruising

SwordBlazer Cruising

Posted
Posted
13 hours ago, vwrestler171 said:

I think Carnival knows there is an issue or they would not have offered the cruise, plus $10k FCC(Her words).  Her refusing that offer shows that she wants a lot more which has skewed a lot of sympathy from her.  She wants Carnival to refund 100% PLUS the money she spent on a different vacation.  She also refuses to accept any responsibility for her error.  Yes there can be an error on Carnivals site, but she also committed a huge error.  Carnival attempted to make it right and she refused.

How can anyone blame the cruiseline and say it's a security issue? The consumer allowed her private information public and from her account, someone followed the normal path to cancel her booking. Sure, there could be another layer to authenticate if its the real person but a security "flaw" would be someone hacking into her crusieline loyalty account and taking her booking details that way. Its falls on her and her husband 1000%. The same can be done for a Southwest ticket, Delta, and the list goes on. The cruiseline offered her compensation and she was greedy and now gets nothing. 

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
  • Forum Jump
    • Categories
      • Welcome to Cruise Critic
      • ANNOUNCEMENT: Set Sail on Sun Princess®
      • Hurricane Zone 2024
      • Cruise Insurance Q&A w/ Steve Dasseos of Tripinsurancestore.com June 2024
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Cruise Critic News & Features
      • Digital Photography & Cruise Technology
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • Canadian Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...