Cyber Incident Victim: Vantage Travel
Date:
Apr 2023
Location:
United States of America
Summary
A ransomware attack disrupted the company's operations, impacting call center functionality, website access, email systems, and internal infrastructure. Temporary communication channels including a dedicated Gmail account and social media messaging were established while restoration efforts progressed. Law enforcement was notified, and third-party firms Booz Allen Hamilton and Constangy, Brooks, Smith and Prophete were engaged for incident response and system recovery. Limited website functionality was restored first, followed by call center reactivation. Four Netherlands voyages were canceled due to vessel readiness issues and two Egypt trips due to regional safety concerns unrelated to the cyber incident, with affected guests notified directly. Operational continuity was maintained for ongoing and scheduled trips despite temporary service delays.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 20, 2023, Vantage Travel discovered a ransomware attack that disrupted its call center, website, email systems, and other internal operations. The incident forced the company to rely on temporary communication channels, including a Gmail address ([email protected]), Facebook Messenger, and Instagram Direct Messages, while advising customers to provide reservation numbers and contact details for follow-up. By April 28 at 6:30 PM ET, the company partially restored its website with limited functionality but anticipated call center restoration by May 1. Law enforcement was notified upon discovery, and Vantage engaged cybersecurity firms Booz Allen Hamilton and Constangy, Brooks, Smith and Prophete to investigate the attack, restore systems, and protect guest information. Employees worked continuously to manage disruptions for travelers en route or preparing for departures, with no trips canceled specifically due to the ransomware incident.
The attack caused prolonged service interruptions, with the call center remaining offline until May 1 at 5:30 PM, after which extended hours (9 AM–7 PM) were implemented to handle high call volumes. Customers experienced delays in support responses and were directed to check trip statuses via the MyPortfolio online portal. Vantage clarified that four Netherlands trips were canceled due to vessel readiness issues and two Egypt trips were canceled, attributing the latter decision to proximity concerns following a U.S. State Department Sudan Travel Advisory. All affected guests received direct notifications, and the company emphasized ongoing monitoring of Egypt itineraries for safety. Internal systems restoration progressed incrementally, with website functionality prioritized first, while operational updates were disseminated through the company’s outage webpage and social media channels. Founder Henry Lewis publicly acknowledged customer distress and apologized for the inconvenience, reiterating Vantage’s focus on resolving the incident and maintaining service continuity.