Personal and Financial Data Compromised by Cybercriminals
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Carnival Corporation reported a data breach that impacts guests, employees, and crew members. Cybercriminals attacked Carnival’s IT systems were able to exfiltrate sensitive information. The personal data stolen could result in future online scams and financial theft.
Carnival did not disclose how many people are affected by the security incident. A copy of the notice can be seen here.
Carnival Corporation (NYSE: CCL) stocks fell three percent today. The cruise line and vacation booking corporation is based in Miami, Florida. Carnival owns and operations cruise vacations to popular tourist destinations around the world.
Compromised Data Includes
- Names
- Addresses
- Phone number
- Birthdate
- Heath information including CIVD safety testing
Stolen data in some cases also includes Social Security numbers of other national identification.
The notice from Carnival to those impacted by the data breach says that the attack involved a “limited number of emails.” However, Carnival’s SVP & Chief Communications Officer Roger Frizzell told BleepingComputer that the attackers compromised a “limited portions of its information technology systems.”
History of Carnival Cruise Data Breaches
This is the second carnival cruise data breach and less than one year. in August 2020, the company was hit with a ransomware attack which also impacted all their brands. it was never disclosed which ransomware compromised their IT systems or how the attacker was able to get in.
The cyberattack was disclosed on a Securities and Exchange Commission SEC Form 8K. Personal data of crew, guests, and employees was also compromised in that ransomware attack.
In March of 2020 one of Carnival’s brand Princess Cruises was attacked the victim of a cyber security incident.https://www.askcybersecurity.com/princess-cruises-hacked/ Hackers compromised employee email accounts over a four month period. They stole employee crew and guest personal information as well as government ID numbers and payment card numbers.
Carnival Cruise Brands Include
- Carnival Cruise Line
- Costa
- P&O Australia
- P&O Cruises
- Princess Cruises
- Holland American Line
- AIDA
- Cunard
- Seabourn
“‘There is evidence indicating a low likelihood of the data being misused,” says the notice from Carnival sent to those impacted by the data breach.
Carnival is offering 18 months of identity theft monitoring for those who has personal information stolen by the attackers.
Carnival Cruises Data Breach – What to Do
A notice to those impacted by the Carnival Data breach says that unauthorized access was detected on March 19. The company has contracted with an unmade third-party security firm to investigate the cyberattack.
Beware of future phishing emails. Cybercriminals once again heisted personal information from Carnival crew, employees, and customers. This data can be used to send scam emails and SMS text messages to unsuspecting customers.
Typical phishing emails my claim to be from Carnival cruise line or other sites that lots of people commonly use like Amazon, Netflix, PayPal, eBay, or any other well-known brand.
If someone is tricked buy this scam email and clicks on a link, they may be taken to a malicious website that attempts to steal their login information bank account numbers or credit cards.
A solid antivirus app can help protect against online scams, credential phishing emails and malicious websites.
Those who were not offered credit monitoring services can sign up on their own. A credit monitoring service protects against someone using your stolen identification from opening credit cards, loans, or mortgages in your name.
