Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

Carnival Cruise Ship Firm Investigating Ransomware Attack

SEC Filing Warns That Customer and Employee Data Likely Compromised
Carnival Cruise Ship Firm Investigating Ransomware Attack

Carnival Corp., the world's largest cruise ship company, is investigating an Aug. 15 ransomware attack that likely compromised customer and employee data, according to its filing with the U.S. Securities and Exchange Commission.

See Also: Mandiant Cyber Crisis Communication Planning and Response Services

The hackers apparently encrypted part of an IT system for one of Carnival’s brands and downloaded data, the company says.

"We expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders or regulatory agencies," according to the company's filing. "Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected."

Carnival is investigating the incident and has contacted law enforcement as well as third-party security companies. The company notes in its SEC filing that it has "implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology system."

The SEC filing did not name the strain of ransomware involved or indicate if Carnival had received a ransom note or was directly dealing with the attackers.

A company spokesperson declined to comment.

Second Incident

This is the second time this year that Carnival has reported a security incident that affected customers' data.

In March, the company filed a notification with the California attorney general's office of a possible data breach that took place between April and June of 2019. In that case, hackers appear to have compromised customer data, including name, address, Social Security number, government identification number - such as passport number or driver’s license number - credit card and financial account information and health-related information.

Ransomware Uptick

Over the past several months, reports of ransomware attacks have steadily increased as more companies find themselves victims of this crypto-locking malware.

For example, Canon USA is recovering from a recent ransomware incident (see: Maze Reportedly Posts Exfiltrated Canon USA Data).

Attackers are also demanding bigger payouts. This week, incident response firm Coveware released statistics that show the average ransom paid by a victim rose 60% to $178,254 in the second quarter, compared with the first quarter, based on its clients’ incidents (see: Ransomware Payday: Average Payments Jump to $178,000).

Steve Durbin, managing director of the Information Security Forum, says organizations need to ensure that their business continuity and disaster recovery plans would enable them to access files and rebuild systems after a ransomware incident.

"To protect against the scale and scope of these threats, an organization will be forced to rethink its defensive model, particularly its business continuity and disaster recovery plans," Durbin tells Information Security Media Group. "Established plans that rely on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure."

Managing Editor Scott Ferguson contributed to this report.


About the Author

Chinmay Rautmare

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News, as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produced multimedia content and daily market shows. Rautmare is a keen follower of geo-political news and defense technology in his free time.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.