The company operates brands that include Carnival Cruise Line, Costa, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard and Seabourn.
The data stolen included personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies, the company said.
Carnival noted that it had launched an investigation, informed law enforcement and engaged legal counsel and other incident response professionals. While the investigation of the incident is ongoing, the company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems, Carnival noted.
Although the company didnt provide any details of the attack other than the basics, cybersecurity firm Bad Packets LLCtold Bleeping Computer that Carnival uses vulnerable edge gateway devices that would allow an attacker to gain access to a corporate network.
Fueled by the success of previous ransomware attacks, its no surprise the number of ransomware attacks continues to increase, Pravin Madhani, chief executive officer and co-founder ofnext-generation application workload protection platform companyK2 Cyber Security Inc., told SiliconANGLE.
Thats why, he added, organizations need to remain vigilant in their security, not only using phishing detection and training employees to recognize phishing but also making sure they have defenses for all of their applications, data and assets that are internet-facing. Equally important, organizations need to make sure they vet the security of partners as thoroughly as they vet their own security infrastructure.
Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.