Cruise shipping giant Carnival Corporation suffers a major ransomware attack

Cruise shipping giant Carnival Corporation suffers a major ransomware attack

Carnival Corporation suffers a major ransomware attack

Carnival Corporation, the world's largest operator of cruise liners, has confirmed in an SEC filing that one of its brands suffered a ransomware attack on 15th August that resulted in hackers gaining unauthorised access to the personal data of guests and employees.

The ransomware attack comes at a time when the Carnival Corporation, like many other multinational giants, is facing serious financial setbacks due to the coronavirus pandemic. The cruise ship operator was forced to reduce its fleet of ships by fifteen in July as a cost-cutting exercise.

Carnival Corporation operates a number of renowned cruise liner brands such as Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, Cunard, AIDA Cruises, Costa Cruises, and P&O Cruises in the United Kingdom and Australia.

On Monday, the cruise liner giant disclosed in a filing with the U.S. Securities and Exchange Commission that one of its brands suffered a ransomware attack on 15th August that resulted in hackers gaining access to internal IT systems, encrypting a portion of the systems, and stealing the personal data of guests and employees.

"Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results," Carnival stated in the filing.

"Although we believe that no other information technology systems of the other Company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other Company’s brands will not be adversely affected," it added.

The company also stated that as soon as the ransomware attack was detected, it launched an investigation, notified law enforcement authorities, and engaged legal counsel and other incident response professionals. Carnival Corporation is also working with industry-leading cybersecurity firms "to immediately respond to the threat, defend the Company’s information technology systems, and conduct remediation."

Commenting on Carnival Corporation suffering a ransomware attack this week, Dan Panesar, director of UK and Ireland at Securonix, said that this attack is particularly nasty as the hackers have gained access and stolen the ‘holy grail’ of information, including personal details, credit cards, and social security numbers; all the essentials to perform some pretty nasty identity fraud on its customers.

He added that in order to match hackers in terms of resources and skills, security teams at organisations need to use behavioural analytics to spot abnormal behaviour before it causes real problems. They can also use automation to focus only on the severe or real threats, reduce their overall burden, ensure better visibility, respond faster to attacks, and further strengthen their security posture.

This is the second time this year that Carnival Corporation has had to disclose a major security incident to law enforcement authorities and its customers. In March, Princess Cruises, one of Carnival's well-known cruise lines, said that between 11th April and 23rd July 2019, hackers accessed multiple employee email accounts that contained the personal information of guests, crew, and employees.

Princess Cruises said the data security incident potentially compromised names, addresses, Social Security numbers, passport numbers, driver's license numbers, credit cards, financial account information, and health-related information of passengers and staff. This data leak was not specific to each guest and the company does not have any evidence of misuse of this personal information so far.

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles