Carnival Cruise Cyber-Torpedoed by Cyberattack

[silversurfer]

Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew.
 
Carnival has quite the armada: Its cruise brands include Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard. It also operates Holland America Princess Alaska Tours, a tour company that sails around Alaska and the Canadian Yukon.
 
In a data breach notification letter sent to affected customers and first spotted by BleepingComputer, Carnival said that “unauthorized third-party access to a limited number of email accounts” was detected in mid-March.
 
But Carnival’s SVP and chief communications officer Roger Frizzell later told the news outlet that the attackers also gained access to “limited portions of its information technology systems.”
 
“It appears that in mid-March, the unauthorized third-party gained access to certain personal information relating to some of our guests, employees and crew,” Frizzell reportedly said. “The impacted information includes data routinely collected during the guest experience and travel-booking process, or through the course of employment or providing services to the company, including COVID or other safety testing.”
 
In its data breach notification, sent on Thursday, the company added that there is evidence indicating “a low likelihood of the data being misused.”
 
According to the letter, the improperly accessed information included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information such as Social-Security or national-identification numbers.

Read more: Carnival Cruise Cyber-Torpedoed by Cyberattack | Threatpost