
Carnival Cruises bruised by $6.25 million fine after series of cyberattacks

Graham CLULEY

June 28, 2022


Carnival Cruises, the world's largest travel leisure firm which operates over 100 ships for millions of vacationing customers, has been fined a total of $6.25 million following a series of security mishaps.

Between April and July 2019, Carnival suffered a data breach that saw unauthorised parties gain access to information about 180,000 employees and customers.

As The Record reports, the hackers were able to break into employees' email accounts, which allowed them to send convincing-looking phishing emails and gave them access to an alarming amount of sensitive data.

Details exposed included guests' names, addresses, social security numbers, passport or driving license details, credit card and financial account information, and health-related information.

The company did not notice suspicious activity on its network until late May 2019 (the breach continued, by Carnival's own admission, until July 23 2019), and the data breach was only made public in March 2020 - ten months later.

An investigation determined that employees' email accounts were not hardened with multi-factor authentication.

Clearly, that would have been bad in itself, but some months later Carnival discovered that it had fallen foul of hackers again.

On August 15 2020, Carnival detected that it had suffered a ransomware attack that saw cybercriminals encrypt some of the data on its network, and once again exfiltrate sensitive personal information about customers and employees.

That's clearly not the kind of news anyone wants to hear from their employer or the company that's taking them on vacation.

To its credit, on this occasion, the cruise ship company went public about the attack within just a couple of days and took steps to contain and remediate the security breach with the help of external experts.

At the time, in a regulatory filing, the corporation warned that the unauthorised data access might lead to claims from guests, employees, shareholders, and others.

That warning has now clearly come true.

As The Register reports, Carnival has agreed to pay penalties totaling $6.25 million for its failure to properly secure data.

Carnival has committed to providing better cybersecurity training for its employees, putting better password security practices in place, improving its email defences, and enabling multi-factor authentication for those accessing their corporate email remotely.
