Carnival Cruises bruised by $6.25 million fine after series of cyberattacks

Graham CLULEY

June 28, 2022

Carnival Cruises, the world's largest travel leisure firm, which operates over 100 ships for millions of vacationing customers, has been fined a total of $6.25 million following a series of security mishaps.

Between April and July 2019, Carnival suffered a data breach that saw unauthorised parties gain access to information about 180,000 employees and customers.

As The Record reports, the hackers were able to break into employees' email accounts, which allowed them to send convincing-looking phishing emails and gave them access to an alarming amount of sensitive data.

Details exposed included guests' names, addresses, social security numbers, passport or driving license details, credit card and financial account information, and health-related information.

The company did not notice suspicious activity on its network until late May 2019 (the breach continued, by Carnival's own admission, until July 23 2019), and the data breach was only made public in March 2020 - ten months later.

An investigation determined that employees' email accounts were not hardened with multi-factor authentication.

Clearly, that would have been bad in itself, but some months later Carnival discovered that it had fallen foul of hackers again.

On August 15 2020, Carnival detected that it had suffered a ransomware attack that saw cybercriminals encrypt some of the data on its network, and once again exfiltrate sensitive personal information about customers and employees.

That's clearly not the kind of news anyone wants to hear from their employer or the company that's taking them on vacation.

To its credit, on this occasion, the cruise ship company went public about the attack within just a couple of days and took steps to contain and remediate the security breach with the help of external experts.

At the time, in a regulatory filing, the corporation warned that the unauthorised data access might lead to claims from guests, employees, shareholders, and others.

That warning has now clearly come true.

As The Register reports, Carnival has agreed to pay penalties totaling $6.25 million for its failure to properly secure data.

Carnival has committed to providing better cybersecurity training for its employees, putting better password security practices in place, improving its email defences, and enabling multi-factor authentication for those accessing their corporate email remotely.
