Carnival Corporation, the world’s largest cruise line operator, confirms data breach due to a ransomware attack that occurred in August in which the attackers managed to steal personal information of customers, employees, and ship crews during the attack.
Carnival Corporation & plc is a British-American cruise operator having a combined fleet of more than 100 vessels across 10 cruise line brands.
Carnival Corporation employees over 150,000 staffs and 13 million guests annually. The company operates nine cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, Seabourn) and a travel tour company (Holland America Princess Alaska Tours).
The cruise company disclosed that the incident took place on August 15 in which the hackers accessed and encrypted a portion of one brand’s information technology systems. Some of their data files were also downloaded.
They also believe that the security incident must have included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies. However, they are not aware of any misuse of the exposed information.
The cruise company notified law enforcement agencies and data regulators.
At first the company revealed that the breach affected only one of its cruise lines brands. After being aware of the incident, they conducted an investigation and also hired legal counsel and cyber security professionals.
They have also implemented a series of containment and remediation measures to respond to the incident and reinforce the security of its information technology systems.
The company warns its customers to be vigilant of any future attacks related to this security breach.
The security researchers from cybersecurity intelligence firm Bad Packets found in August that Carnival was utilizing vulnerable Citrix devices during the time of attack. According to them, the vulnerable equipment was targeted by the attacker to access the corporate network.
Image Credits : Carnival Cruises