Carnival Company has disclosed that passenger and worker details from a few various cruise strains was accessed in a ransomware attack that took place in August.
On August 15, the British-American cruise operator found that an unauthorized 3rd party had compromised its laptop or computer system and downloaded information files.
An update issued by the company yesterday states that own info from travellers of Carnival Cruise Line, Holland America Line, and Seabourn was impacted in the August attack.
“While the investigation is ongoing, early indications are that in early August the unauthorized 3rd bash gained obtain to specified own info relating to some friends, workers and crew for a few of the corporation’s brands—Carnival Cruise Line, Holland The usa Line and Seabourn, as properly as casino operations,” reported Carnival.
Information accessed by the risk actor might consist of names, addresses, phone figures, passport numbers, and dates of delivery.
Carnival stated: “The investigation into the particular knowledge impacted is ongoing, but in some constrained circumstances, we anticipate supplemental details impacted might contain facts these kinds of as Social Security quantities, well being information, or other individual information and facts.”
Carnival, with above 150,000 staff, is the most significant cruise operator in the world, serving around 13 million travellers annually in advance of the outbreak of COVID-19.
In the disclosure, Carnival said that it is operating “as quickly as possible” to identify and notify the passengers, workers, crew, and other persons whose own info may well have been accessed. Doing the job out precisely whose facts was impacted could consider up to 60 days to finish.
Subsequent the attack, Carnival reported it took measures to get better the information becoming held ransom by the danger actors. The corporation’s investigation into the incident is ongoing, but Carnival reported early indicators suggest that the likelihood that the info accessed without authorization has because been misused was “small.”
“While how the 3rd bash gained unauthorized entry has not been disclosed, this is yet another illustration of the great importance of good financial commitment in cyber security programs to guard corporation and buyer knowledge,” commented Terence Jackson, CISO at Thycotic.
“Attackers are not taking it uncomplicated through the pandemic. They are stepping the attacks up and we have to be ready.”
Some elements of this post are sourced from: