Cyber Incident Victim: AIDA Cruises
Date: Dec 2020
Location: Germany
Summary
AIDA Cruises experienced a significant cyberattack disrupting both land-based and shipboard IT systems, including telephone and internet services, impacting operations in its German home port and affecting vessels such as the Aidamar and Aidaperla. The incident, attributed to the DoppelPaymer threat actors based on analysis of a ransom note, caused extensive operational failures described as an "immense" IT problem.
Description
In late December 2020, AIDA Cruises experienced a significant cyber incident affecting multiple vessels, including the Aidamar and Aidaperla, as well as land-based operations in Rostock, Germany. German newspaper Bild characterized the disruption as an "immense" IT failure that compromised both shipboard and shore-based telephone and internet systems. The outage impaired operational communications across the impacted infrastructure, though the company’s public statements did not specify the exact onset time or initial detection methods. Reports indicated the incident originated from a cyberattack, though technical details regarding intrusion vectors or malware deployment remained undisclosed. The disruption coincided with the cruise line’s operational activities in its home port, suggesting geographical targeting or infrastructure dependencies. No passenger data breaches or safety incidents were explicitly cited in initial reports.

The attack’s consequences included functional paralysis of critical communication channels necessary for fleet coordination and port operations. Analysis of a ransom note image by Cruise Law News linked the incident to the DoppelPaymer ransomware group, known for prior attacks on industrial and transportation entities. The note’s contents and specific ransom demands were not publicly disclosed by AIDA or corroborating sources. Recovery timelines and restoration efforts were not detailed in available reporting, nor were containment measures such as network segmentation or third-party forensic involvement confirmed. Operational disruptions underscored the attack’s focus on availability and service continuity rather than explicit data exfiltration. The incident highlighted vulnerabilities in maritime IT infrastructure but yielded no verified information regarding long-term operational or financial impacts on AIDA Cruises.
