Home News 247 Canadians from MS Zaandam Cruise Face Unintentional Data Breach

247 Canadians from MS Zaandam Cruise Face Unintentional Data Breach


A data breach by Global Affairs Canada (GCA) has exposed personally identifiable information (PII) including passport information of 247 Canadians aboard the Coronavirus affected MS Zaandam cruise ship. The unintentional data breach was caused by an “administrative error” as per the information shared with CBC.

MS Zaandam, a Holland America Line cruise liner, was docked at Fort Lauderdale (Florida) on April 2, 2020, The cruise was carrying 247 Canadian nationals among others that faced the  Coronavirus infection and were left stranded for more than four weeks, as against their original voyage that should have ended within two weeks. The already traumatized Canadian passengers, however, are now dealing with another issue — that of an unintentional data breach.

The Unintentional Data Breach

The GCA kept all the Canadian citizens on-board MS Zaandam and updated them about its efforts for a quick and safe passage for their return to Canada. During this process, on April 1, 2020, GCA mistakenly sent them an email attachment consisting of PII details of all the 247 passengers including their address, date of birth, email, phone number, and passport number. The GCA promptly registered their mistake and sent an apologetic follow-up email to everyone explaining the unintentional data breach. They requested the passengers to keep an eye on their finances and private details for suspicious activities and to subscribe for a credit monitoring service.

U.K. FCAs Accidental Data Breach

Earlier in February 2020, the U.K.’s Financial Conduct Authority (FCA) admitted that it accidentally exposed the confidential details of around 1,600 consumers who complained against it, in response to a Freedom of Information (FoI) request for data. In an official notice, the regulator stated that certain underlying classified information like names, addresses, and phone numbers of complainants may have been accessible on its website. However, the company clarified that no financial, payment card, passport, or other identity information was exposed in the incident.

According to FCA, the exposed information is related to the individuals who complained between January 2, 2018, and July 17, 2019. FCA removed the relevant data from its website immediately after noticing the data breach.