Security News > 2021 > June > Carnival Cruise Cyber-Torpedoed by Cyberattack
Carnival Corp., the world's largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew.
Fifteen months ago, in March 2020, Carnival Cruise Lines disclosed that it was hit with a data breach: Threat actors accessed names, addresses, Social Security numbers, passport numbers or driver's-license numbers, credit-card and financial account information, and health-related information.
Seven months later, last October, Carnival disclosed that it had suffered a ransomware attack on the previous Aug. 15 that affected three cruise lines: Carnival Cruise Line, Holland America Line and Seabourn.
Carnival had already revealed that it was the target of a ransomware attack on Aug. 17, two days after the attack.
"061821 12:38 UPDATE: Carnival's SVP and chief communications officer Roger Frizzell confirmed the March 19 discovery of the breach to Threatpost on Friday. He said via email that"several months ago, Carnival Corporation detected unauthorized third-party access to limited portions of its information technology systems.
"A cybersecurity firm was engaged to investigate the matter, and regulators were notified. The investigation revealed unauthorized third-party access to certain personal information relating to some guests, employees and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations. There is evidence indicating a low likelihood of the data being misused."