Security News > 2020 > October > Largest cruise line operator Carnival confirms ransomware data theft
Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack.
The ransomware attack Carnival refers to took place on August 15, 2020, and it was disclosed via an 8-K form filed with the Securities and Exchange Commission two days later, on August 17.
In a 10-Q form filed with the SEC yesterday, Carnival confirmed that the unknown ransomware gang was able to gain access to personal information of both customers and employees during the attack.
Even though Carnival did not disclose if any of these servers were compromised during the August 2020 incident, ransomware gangs are regularly scanning for and exploiting such vulnerable devices in their attacks.
The ransomware attack came after a data breach Carnival announced in March 2020 that led to the exposure of customers' personal and financial information after an unknown threat actor gained access to employee email accounts.