The world’s largest cruise operator Carnival has revealed it was hit by a huge ransomware attack that may have seen customer data stolen by hackers.
The company, which welcomes around 13 million guests each year, declared that one of its brands was hit by an attack on August 15.
The attack on the as-yet-unnamed brand likely included what Carnival called “unauthorized access to personal data of guests and employees”, and may have affected some of its other brands as well.
Carnival cruises ransomware
“On August 15, 2020, Carnival Corporation and Carnival plc (together, the “Company,” “we,” “us,” or “our”) detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files,” the company declared in its 8-K form filed with the Securities and Exchange Commission (SEC).
The filing did not mention any specific type of ransomware, or the steps taken by the company. However it did note that Carnival was expecting, “potential claims from guests, employees, shareholders, or regulatory agencies,”
Carnival employs over 150,000 workers across the globe, and owns a number of shipping brands including Cunard, AIDA, P&O Cruises, Princess Cruises, Carnival Cruise Line, Costa, Holland American Line, as well as the high-end luxury cruise line Seabourn.
The attack comes shortly after company revealed a data breach in March 2020 which saw customer personal information including payment information leaked online. The cruise industry has already been decimated by the worldwide coronavirus pandemic, and Carnival will hope that the fallout from this incident does not affect it too harshly.
“The travel industry is an extremely attractive target to cybercriminals, as they can collect and store personally identifiable information (PII) on billions of passengers every year, including passport numbers, credit card information, email addresses and much more,” noted Anurag Kahol, CTO, Bitglass.
“To thwart ransomware attacks and mitigate their impact, all organisations need advanced threat protection. Organisations should leverage security solutions that can identify and remediate both known and zero-day threats on any cloud application or service, and protect managed and unmanaged devices that access corporate resources and data. This includes solutions that can automatically block malware in the cloud that is both at rest or in transit.”
“Additionally, organisations must ensure adequate employee security training to identify phishing attempts and illegitimate emails as phishing is the primary vector for ransomware attacks.”