Carnival Corporation detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems, and the unauthorized access also included the download of certain of Carnival’s data files on August 15, 2020.
Promptly upon its detection of the security event, Carnival reportedly launched an investigation and notified law enforcement, and engaged legal counsel and other incident response professionals.
While the investigation of the incident is ongoing, Carnival says the company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems.
“With 325,000 people sailing aboard Carnival ships every day, it is a party that hackers do not want to miss,” explains Robert Capps, VP of Market Innovation for NuData Security, a Mastercard company.
“Although there is no evidence that the compromised information has been used for fraud, it is important that companies are ready to prevent this potential misuse of the stolen information.”
“Now that the data is out, companies can fight back by making the information valueless with the latest technologies that are able to identify people by their online behavior instead of credentials or personal information.”
“So, even if hackers grab customer credit cards, passwords and other data, companies can block them when bad actors impersonate the legitimate owner online.”
This is because bad actors, even if they have the correct information, they cannot imitate the individual’s online behavior.”
Carnival says they are working with industry-leading cybersecurity firms to immediately respond to the threat, defend the company’s information technology systems, and conduct remediation.
(Learn More. Courtesy of WPTV News – FL Palm Beaches and Treasure Coast and YouTube. Posted on Aug 18, 2020.)
Nonetheless, Carnival expects that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.
Although Carnival believes that no other information technology systems of Carnival’s other brands have been impacted by this incident based upon their investigation, there can be no assurance that other information technology systems of the company’s other brands will not be adversely affected.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
Provides named sources
Reported by more than one notable outlet
Includes supporting video, direct statements, or photos