Cruise lines brand Carnival, Seabourn, and Holland America were targeted by a ransomware attack which is still under investigation.
At least that’s what the cruise line corporation said in one of their last updates.
So far, they’ve been working with cybersecurity consultants to recover what was lost after the attack (files included). It’s also believed that there’s a “low likelihood of data being misused.”
More Details about the Cruise Lines Ransomeware Attack
What we know so far, is that hackers accessed guest’s, employee’s, and crew’s personal information. It all happened through the three cruise lines. Hackers accessed the personal information of guests, employees, and crew for three cruise line and casino operations.
We could say the Carnival Corp. acted fast, by revealing the details just two days later after the incident took place. By that moment, part of the tech system was already encrypted.
So far, they continue to work “as quickly as possible to identify those individuals whose personal information may have been impacted.”
And in the meantime, anyone who believes is affected by the attack, can contact a call center the company set up regarding the event.
All recent attendees are invited to call to confirm whether or not their information was leaked, to help the investigation.
But don’t worry, because if you’re part of this group, you would probably be contacted by the Carnival company itself (within 30 to 60 days).
Without a doubt, 2020 has been a tough year for touristic services providers.
With the COVID-19 pandemic and the skyrocketing ransom cases, the news of constant attacks against the industry hasn’t stopped since March when stay-at-home orders started.
We could then agree that these types of businesses have been the most affected- and with the most recent headlines, it seems non-stopping.
But… Even after being frequent victims, the following question arises: who’s fault is it?
Terence Jackson, a solution provider at CISO, stresses the importance of vigilance in current times. This attack was, “another example of the importance of proper investment in cybersecurity programs to protect company and customer data.”
“Attackers are not taking it easy during the pandemic. They are stepping the attacks up and we have to be ready.”
Steve Durbin (Managing Director of the ISF) also noted that:
“Business continuity and disaster recovery are two areas companies should consider bolstering during this unique time of vulnerability to attacks
“Established plans that depend on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure.
Revised plans should cover threats to periods of operational downtime caused by attacks.”
The good news is that everyone affected will be getting complimentary credit monitoring. This part of their measures to keep clients calm and happy.
Besides, Carnival will be taking proactive steps to improve its position (security speaking). They will review their security/privacy policies and procedures, to implement effective changes to avoid this repeating in the future.
This proves they’re willing to do what’s needed to recover from this attack.
Let’s consider that Carnival Corporation is one of the world’s largest leisure travel companies, having a total of nine of the world’s leading cruise lines: Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard. – Source.
Both Holland America Line and Princess Cruises account together for 30% of Carnival’s capacity (as of November 30, alone).
Even after what just happened, they’re announcing an upsizing and pricing of $1,450 Million and €500 Million Senior Unsecured Notes due 2026.
So they surely will have to take a bit of that budget to keep upgrading their cybersecurity layers.
What would you do in that case?
Please, comment on your opinion down below!