Carnival Corp confirms hackers stole guests’ personal data

Carnival Corp confirms hackers stole guests’ personal data

Carnival Corporation suffers a major ransomware attack

Carnival Corporation, the world’s largest operator of cruise lines, has confirmed that the ransomware attack that struck its systems in August, resulted in the compromise of personal information of guests, employees, and crew.

In August, Carnival Corporation disclosed in a filing with the U.S. Securities and Exchange Commission that one of its brands suffered a ransomware attack that resulted in hackers gaining access to internal IT systems, encrypting a portion of the systems, and stealing the personal data of guests and employees.

“Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results,” Carnival stated in the filing.

“Although we believe that no other information technology systems of the other Company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other Company’s brands will not be adversely affected,” it added.

The company also stated that as soon as the ransomware attack was detected, it launched an investigation, notified law enforcement authorities, and engaged legal counsel and other incident response professionals. Carnival Corporation is also working with industry-leading cybersecurity firms “to immediately respond to the threat, defend the Company’s information technology systems, and conduct remediation.”

Recently, the cruise line giant, which operates a number of renowned cruise line brands such as Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, Cunard, AIDA Cruises, Costa Cruises, and P&O Cruises in the UK and Australia, said the August ransomware attack resulted in hackers gaining access to the personal information of a number of guests, employees, and crew.

“While the investigation is ongoing, early indications are that in early August an unauthorised third-party gained access to certain personal information relating to some of our guests, employees, and crew. For individuals who sailed with us, the information impacted may include the data routinely collected during the guest travel booking process, during the casino experience, or at the time of employment.

“That information may include names, addresses, phone numbers, passport numbers, and dates of birth. The investigation into the specific data impacted is ongoing, but in some limited instances, we anticipate additional information impacted may include data such as Social Security numbers, health information, or other personal information,” Carnival said.

“We are working as quickly as possible to identify the guests, employees, crew and other individuals whose information may have been impacted. We expect to complete this process within the next 30-60 days and will then send notifications to potentially affected individuals whose current contact information is available to the company. Along with those individual notices, affected individuals will be offered complimentary credit monitoring, as appropriate,” it added.

The cruise line company also announced in a separate press release that the ransomware attack on its IT systems affected three cruise lines, namely Carnival Cruise Line, Holland America Line, and Seabourn, as well as the company’s casino operations. It added that working with cyber security consultants, it “took steps to recover its files and has evidence indicating a low likelihood of the data being misused.”

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]