Carnival Corporation one of the biggest cruise ship operators in the world, and another major firm that reveals it is affected by data breaches.
Carnival Corp. encountered an illegal entry to its computer networks on 19 March. According to the company, authorities have been contacted and a cybersecurity company has been employed.
The research discovered that third parties, using a "limited number of e-mail accounts" could access personal information of clients, staff, and crew on their Carnival, Holland America, and Princess cruise lines.
The data obtained included names, addresses, telephone numbers, passport numbers, birth dates, health information, and in some cases additional information, like national identity numbers or social security.
According to Carnival, the impacted information includes “data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the company, including COVID or another safety testing.” The Carnival letter stated that data was exploited with "low likelihood."
It is worth noting that ever since 2019 Carnival has been attacked by numerous cyber threat actors, including last summer's ransomware attack. Just as cruise lines start booking trips following an extended COVID-19 halt, Carnival faces yet another question mark on cyber safety, said Erich Kron, the KnowBe4 security adviser.
Kron said that this is no surprise that they have been attacked, given the type of data and the volume it gathers, and that Carnival records some highly important information to attackers.
The majority of large cruises prefer to visit ports abroad in their very nature so that they acquire sensitive data that is necessary for the processing of customs as well as other travel-related objectives. Such types of attacks are generally initiated by e-mail phishing and firms seeking to avoid problems like Carnival would be advised to invest in high-quality e-mail filters and a training program for employees focusing on recognizing e-mail phishing attacks and proper password hygiene.
Cohn Bambenek, Threat Intelligence Advisor at Netenrich, stressed the necessity for the organization to ask some important questions about what it is doing to secure the sensitive information since it has been hit three times in the past few months.
“At a certain point, they are advertising to the world that they are an easy target and can look forward to more frequent and serious attacks,” Bambenek added.
Carnival Cruise Line is a multinational cruise line with its headquarters in Doral, Florida. It is a division of Carnival Corporation & plc. The corporation operates several of the largest cruise lines, including the Princess Cruises and Carnival Cruise Line.