Carnival confirms data breach as a result of the August ransomware attack | Security Affairs


Carnival Corporation, the world’s largest cruise line operator, has confirmed a data breach as a result of the August ransomware attack.

Carnival Corporation, the world’s largest cruise line operator, has confirmed a data breach as a result of the ransomware attack that occurred in August. Ransomware operators stole the personal information of customers, employees, and ship crews during the attack.

Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands. A dual-listed company, Carnival Corporation has over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland America Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn.

Carnival data breach (Source: Orlando Weekly)

The company operates 9 cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland America Line, AIDA, Cunard, Seabourn) and a travel tour company (Holland America Princess Alaska Tours).

In an 8-K filing with the US Securities and Exchange Commission (SEC), the cruise line operator revealed that the incident occurred on August 15.

“On August 15, 2020, Carnival Corporation and Carnival plc (collectively, the “Company,” “we,” “us,” or “our”) detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files,” states the 8-K form filed with the SEC.

“Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies,”

The company also notified law enforcement agencies and data regulators.

At the time, the company revealed that only one of its cruise line brands was affected by the security breach.

Upon discovery of the security incident, the Company launched an investigation and notified law enforcement; it also engaged legal counsel and cyber security professionals. The company also announced that it had already implemented a series of containment and remediation measures to respond to the incident and reinforce the security of its information technology systems.

Now the company has filed a new 10-Q form with the SEC, in which it confirmed that an unknown ransomware gang also stole the personal information of its customers and employees. The company added that it is not aware of any misuse of the exposed information.

“On August 15, 2020, we detected a ransomware attack and unauthorized access to our information technology systems. We engaged a major cybersecurity firm to investigate the matter and notified law enforcement and regulators of the incident.” reads the 10-Q form.

“While the investigation is ongoing, early indications are that the unauthorized third-party gained access to certain personal information relating to some guests, employees, and crew for some of our operations.” “There is currently no indication of any misuse of this information.”

The company warns its customers of future attacks or incidents that could be linked to this security breach.

“While at this time we don’t believe that this information will be misused going forward or that this incident could have a material adverse effect on our business, operations, or financial results, no assurances can be given, and further, we may be subject to future attacks or incidents that would have such a material adverse effect.” states the company.

In August, researchers from cybersecurity intelligence firm Bad Packets noticed that Carnival was using vulnerable Citrix devices at the time of the attack. The experts speculate that the vulnerable equipment was targeted by the attacker to access the corporate network.

Bad Packets also speculates that another entry point into the Carnival network could be the CVE-2020-2021 issue in the PAN-OS operating system.

In March 2020, Carnival Corporation disclosed another data breach that occurred in 2019. The company informed customers of the incident, in which a third party gained unauthorized access to their personal information.

Exposed guests’ personal information included name, address, Social Security number, government identification number, such as passport number or driver’s license number, and health-related information. For some customers, credit card and financial account information might have been exposed.

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)


