Frequently Asked Questions

We became aware of this second wave of malicious messaging late this afternoon.

Based on our investigation, it appears this is not the result of a new data breach. Instead, the fraudsters are using data obtained during the breach on October 21st 2024; the leaked data include customer data between 24.10.2024 – 30.12.2025

Unfortunately, this case represents a second wave of phishing attempts by the criminal actors.

A short while ago, we contacted all guests whose data may have been compromised in the October 21st 2024 breach to inform them of the situation.

Some of our customers have reported receiving fraudulent messages via Booking.com chat and potentially other communication channels, falsely claiming to represent us. These messages may include requests for payments through unofficial links or other suspicious activities

We want to emphasize:

• We never ask for payments or sensitive information via unofficial channels.
• Do not open these messages or click on any links they contain.
• If you receive any suspicious messages, please notify us immediately so we can take swift action.
• We never ask to send us any attached files (Word, PDF etc.).

Visit Inari Oy (Hotel Inari, Holiday Village Inari, and Crow Creek Cabins) was targeted by a data breach on October 21, 2024, at 7:14 PM.

The data breach occurred through a third-party system regardless of the two-face authorization system. Based on current knowledge, the breach has happened through phishing landing page appearing in Google search engine. We are investigating the exact causes in cooperation with authorities. Upon receiving this information on October 25, 2024, at 8:14 PM, we took immediate action to secure our customers’ data and to resolve this exceptional situation.

The possible leaked data includes:

• Name
• Phone number
• Email
• Address
• Nationality
• Card type, expiration date, and last four digits
• Reservation details (cost, room type, arrival and departure dates)
• Preferred contact method (email or phone)
• Travel agency information if booked through one
• Company name and reference 

We are investigating further and will provide updates as more information becomes available.

The leaked data include customer data between 24.10.2024 – 30.12.2025 which are made prior to October 21, 2024, at 7:14 PM.

This incident may involve several hundred customers. We are committed to transparency and will continue to update you as we learn more.

Visit Inari Oy has contacted the customers that are involved with data breach.

The breach may lead to suspicious communications. If you receive any questionable calls or emails, check with us to confirm their legitimacy.

If you encounter a suspicious Booking.com chat message in German language asking to confirm your booking in 24 hr by entering the credit card information via a link, or if you replied to one, follow these guidelines:

1. Avoid clicking on any links: If you haven’t clicked any links, delete it.
2. If you replied but didn’t click any links: Deleting the message is still recommended. Replying alone is unlikely to pose a significant risk as long as no links were clicked and no sensitive information was shared.
3. Contact your bank or credit card provider: If you’ve shared card details or noticed unusual activity, get in touch with your bank or card issuer to discuss preventive measures.
4. When in doubt: If there is any uncertainty, consult your credit card company or bank.

No, confirmed bookings remain valid. If you’re unsure about your reservation’s status, please call us for verification.

If you are uncertain about the safety of a payment, please reach out to us at +358 40 179 6069 or sales@visitinari.fi before proceeding.

If you have provided card details in response to a suspicious message or website, contact your bank or card issuer immediately. Different countries may have varying procedures, so follow the advice of your bank and local authorities. You may be advised to block your card and request a replacement. In some cases, you might also need to file a report with a relevant data protection authority.

Currently, we believe that only your card type, expiration date, and the last four digits may have been accessed. These details alone are generally insufficient for making payments. Nevertheless, if you’re concerned, we suggest contacting your bank or credit card provider for further guidance.

If you encounter a suspicious WhatsApp message, Booking.com or email, or if you replied to one, follow these guidelines:

1. Avoid clicking on any links: If you haven’t clicked any links, report and block the sender on WhatsApp or mark the email as spam, then delete it.
2. If you replied but didn’t click any links: Deleting the message and reporting the sender is still recommended. Replying alone is unlikely to pose a significant risk as long as no links were clicked and no sensitive information was shared.
3. Contact your bank or credit card provider: If you’ve shared card details or noticed unusual activity, get in touch with your bank or card issuer to discuss preventive measures.
4. When in doubt: If there is any uncertainty, consult your credit card company or bank.

We are aware that some of our customers have received emails impersonating our hotel. These emails are not legitimate. We recommend not opening the message or clicking any links, and instead deleting the email. If you’re uncertain, contact us directly. If you’ve shared information based on the email, please reach out to your bank or credit card company without delay.

Our hotel only contacts customers via WhatsApp if the customer initiates communication on that platform. If you received an unsolicited message claiming to be from us, it is likely fraudulent. Please avoid opening the message or clicking on any links. We advise deleting it, and if necessary, reporting the incident to us. For any inquiries, reach out through our official contact points:

• Email: sales@visitinari.fi
• Phone: +358 40 179 6069

Rates informed on the website are per booking for maximum 4 persons. Either you are 1, 2, 3 or 4 persons the rate is the same. 

Unfortunately not. The rate is per booking and we dot not combine booking for the shared shuttle transfer. 

If you wish to be picked up different it time or from a different location which is not mentioned on list, you can book private transfer. Please contact us via email. 

The driver will be waiting you just at the Kirkenes terminal (Havila Castor/Hurtigruten).

Driver has a passenger list and the car (minibus or coach) has Visit Inari written on the front window. Service provider is called Kukkolan bussit. 

Kirkenes harbor is quite small place so normally it has been easy to spot the right vehicle/driver.

If you have any issues at the harbor, please call: +358 40 179 6069.

Pets travel in the front deck. There can be a fews pet at the same time and they must get along with other pets. Always inform that you are traveling with a pet.

Starting place is Inari harbor on Siida’s side. Please be ready 15min before the departure time. 

We start to organize winter activities as soon as weather allows – when it’s cold enough and there is enough snow. Please check the availabilities closer to your arrival.

Please note that Northern Lights are a nature´s phenomenon and cannot be
guaranteed. If Northern Lights are not seen during our Aurora tour, there is no refund.

The first official winter month is November. First snow may fall between late August and December, but usually the more permanent snow cover is obtained in November.

We offer many activities featuring reindeer, you’re guaranteed to see them if you join one of those activities.