Carnival Cruises have disclosed a data breach after attackers gained access to customers’ personal information.

Experts Comments

June 18, 2021
Erich Kron
Security Awareness Advocate
KnowBe4

Just as cruisers are starting to book trips after a long shutdown due to COVID-19, Carnival is facing yet another cybersecurity issue. The type of data and the sheer volume of it being collected by Carnival can be very valuable to attackers, so it is no big surprise they have been a target. Most large cruises, by their very nature, tend to visit ports in foreign countries, so they must collect sensitive information to be used for customs preparation and other purposes related to the travel.

.....Read More

Just as cruisers are starting to book trips after a long shutdown due to COVID-19, Carnival is facing yet another cybersecurity issue. The type of data and the sheer volume of it being collected by Carnival can be very valuable to attackers, so it is no big surprise they have been a target. Most large cruises, by their very nature, tend to visit ports in foreign countries, so they must collect sensitive information to be used for customs preparation and other purposes related to the travel. This includes social security numbers, passport numbers, full names, addresses, phone numbers and much more -- all data that could be easily used to steal identities or open accounts in potential victims' names.

 

These types of attacks are often started through email phishing attacks, so organizations that wish to avoid the same issues as Carnival would be wise to invest in high-quality email filtering and an employee training program focused on spotting email phishing attacks and proper password hygiene. In addition, investing in DLP (Data Loss Prevention) solutions and enabling 2FA (Two-Factor Authentication) on accounts would be wise as well

  Read Less
June 18, 2021
Paul Bischoff
Privacy Advocate
Comparitech

This is Carnival's third major cybersecurity incident in 12 months. At this point, I would be extremely hesitant to trust the company with my personal information. As these attacks become a pattern instead of isolated incidents, I have to wonder whether Carnival is really prioritizing cybersecurity or if it's just an afterthought. 

 

Carnival's stock price hasn't significantly suffered from any of its three recent data incidents. If shareholders continue to profit from the status quo, it's

.....Read More

This is Carnival's third major cybersecurity incident in 12 months. At this point, I would be extremely hesitant to trust the company with my personal information. As these attacks become a pattern instead of isolated incidents, I have to wonder whether Carnival is really prioritizing cybersecurity or if it's just an afterthought. 

 

Carnival's stock price hasn't significantly suffered from any of its three recent data incidents. If shareholders continue to profit from the status quo, it's unlikely the company will invest in better cybersecurity technology and talent.

 

More on how data breaches affect stock market share prices: https://www.comparitech.com/blog/information-security/data-breach-share-price-analysis/

  Read Less
June 18, 2021
Martin Jartelius
CSO
Outpost24

It is great that the company noticed the incident and could reach out to their affected customers and staff. It is of course more concerning that email has been used as a means of storing and processing those rather sensitive sets of data, we are years past GDPR and other privacy legislations, and email may be the form of communication chosen by customers to submit their personal data, but it is essential that this data should not be retained in those systems in unstructured manners for

.....Read More

It is great that the company noticed the incident and could reach out to their affected customers and staff. It is of course more concerning that email has been used as a means of storing and processing those rather sensitive sets of data, we are years past GDPR and other privacy legislations, and email may be the form of communication chosen by customers to submit their personal data, but it is essential that this data should not be retained in those systems in unstructured manners for extended periods of time.

  Read Less
June 18, 2021
Alexa Slinger
Identity Management Expert
OneLogin

The travel industry, already hit hard by the pandemic, are now reopening to an expanding and evolving cyber threat landscape. This is the second cyberattack in the last year on Carnival Corporation and unsurprising as the tourism industry’s vulnerabilities continue to be exploited. The travel industry tends to rely on third-party vendors, such as booking portals and online platforms, making them an easy target for hackers seeking sensitive data. This breach serves as a reminder that all

.....Read More

The travel industry, already hit hard by the pandemic, are now reopening to an expanding and evolving cyber threat landscape. This is the second cyberattack in the last year on Carnival Corporation and unsurprising as the tourism industry’s vulnerabilities continue to be exploited. The travel industry tends to rely on third-party vendors, such as booking portals and online platforms, making them an easy target for hackers seeking sensitive data. This breach serves as a reminder that all organizations must put preventative measures in place to protect themselves and their customers. Organizations can begin this process by building a comprehensive Trust & Security program that focuses on building an internal “Security First” culture, as well as the processes and technology controls used to protect the data they, or other 3rd parties, process and store. By making security a central component of the business and using a data-centric approach, organization’s can protect their business against costly, possibly detrimental, breaches.

  Read Less
June 18, 2021
Jack Chapman
VP of Threat Intelligence
Egress

It’s concerning to see that Carnival Cruises has suffered another data breach, following two ransomware attacks last year. Email remains the most common entry point for attackers, underlining the need for organisations to put in place the right technology to defend their employees from the targeted phishing attacks that are the most convincing and do the most damage.

The hackers were able to access a significant amount of personal data about Carnival’s customers, including names, addresses

.....Read More

It’s concerning to see that Carnival Cruises has suffered another data breach, following two ransomware attacks last year. Email remains the most common entry point for attackers, underlining the need for organisations to put in place the right technology to defend their employees from the targeted phishing attacks that are the most convincing and do the most damage.

The hackers were able to access a significant amount of personal data about Carnival’s customers, including names, addresses and passport numbers. Concerningly, this information could now be used by cybercriminals to formulate sophisticated phishing attacks targeting Carnival Cruises customers.

In light of this, I would urge any Carnival Cruises customers who have been affected by this breach to be wary of any unexpected communications they might now receive, whether that’s over email, text messages or phone calls. Follow-up attacks may be highly convincing, utilising personal information accessed through this data breach to trick people into parting with further personal data that can be used for identity or financial theft.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.