Carnival Corp, the parent company of cruise line Holland America Line, has been targeted by hackers.
The attackers managed to gain access to the email accounts of company employees. In doing so, customer data and the personal information of employees were stolen writes the Associated Press (AP).
How hackers managed to steal this data
The attack took place in March. Carnival Corp discovered on March 19 that an unauthorized person had gained access to the IT systems. As a precaution, the cruise company decided to shut down the computer systems. She also called in outside cybersecurity experts to investigate the digital intrusion. On Friday, May 7, Carnival Corp. reported the incident to the Attorney General of the US state of Montana.
The hackers managed to break into several company email accounts. Information was stolen from customers and employees of Carnival Cruise Line, Holland America Line and Princess Cruises. In a letter to the victims, Carnival Corp says that the perpetrators managed to get their hands on social security numbers ( social security numbers ), passport document numbers, dates of birth, residential addresses and health information of employees.
Many details about cyber attack still unknown
Carnival Corp would not say how many people were victims of the cyber attack. In their own words, these are ‘limited cases’. A spokesperson for the cruise line confirms to AP that all victims have now been informed. He also says that the company has made adjustments to better protect its computer systems against hackers.
Many details about the cyberattack are still missing at this time. For example, it is unclear how the hackers managed to penetrate Carnival Corp’s corporate network, how long they had access to confidential data, whether they demanded a ransom and whether the cruise company paid for it.
Carnival Corp has been targeted by hackers more often
It’s not the first time Carnival Corp has had to deal with hackers. In April of this year, the company filed an 8K filing with the Securities and Exchange Commission (SEC), the US stock market watchdog. In an 8K filing, a company notifies shareholders and other stakeholders of important business events, such as acquisitions, resignation or appointment of a (new) board member or bankruptcy filings. Cyber incidents and attacks must also be reported via an 8K filing.
In the report, Carnival Corp revealed that the company was attacked by hackers in August and December 2020. Then it was a ransomware attack. In addition, unauthorized persons know how to gain access to computer systems. The attackers then try to embed themselves in as many other systems as possible and gain access to files that are normally closed to them. We call this the lateral movement phase and the privilege escalation phase respectively.
Once inside, hackers try to encrypt and copy as much data as possible. The only way to unlock the files is to use a decryptor: a key to make all data accessible again. However, a ransom must be paid first. To increase the pressure, the attackers often threaten to make the stolen data public. As far as is known, Carnival Corp has never paid ransom to the perpetrators.
Catch up on more articles here
Follow us on Twitter here