According to an internal letter sent by Carnival Corp., the parent company of Carnival Cruise Line, the major provider of cruises has experienced a cyberattack. The letter was sent to customers of Carnival and was first obtained by Bleeping Computer’s Sergiu Gatlan. According to the letter, Carnival came under attack on March 19 via an unnamed malicious actor. The letter initially states that only email accounts were accessed, but Carnival’s senior vice president and chief communications officer Roger Frizzell updated Bleeping Computer by stating that there was also a breach in IT systems.
The letter to affected Carnival customers states that “The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the Company, including COVID or other safety testing.” The information belongs primarily to customers, but Carnival staff are also reportedly affected by this breach.
Carnival is offering free credit monitoring to customers for 18 months in the aftermath of the cyberattack. Much of the data stolen can, and most likely will, find its way to underground forums on the Dark Web. Cybercriminals will then use this data to commit various instances of fraud and malicious social engineering campaigns. Anyone possibly affected by this should monitor their financial accounts very carefully and report any suspicious activity.
As the world is slowly starting to re-embrace travel in this pandemic, cruise lines, in particular, are looking to hit the ground running. Carnival could not have had this occur at a worse time, especially considering that this is just the latest in a line of major cyberattacks on the company. Starting in 2020, Carnival experienced ransomware attacks and other cyberattacks that have been bad PR for the company. After a while, people stop trusting an organization that continuously cannot defend against cybercriminals.
For this reason, Carnival should look to audit every system and plug every hole in its defenses. Whatever they have been doing has simply not been enough.
Featured image: Flickr / Port of San Diego