Carnival hit by cyber attack: Hackers steal personal information of cruise giant’s passengers and staff
The personal information of Carnival’s passengers and staff has been stolen by hackers, it emerged yesterday.
The embattled cruise giant said it detected a so-called ‘ransomware’ attack on Saturday, and immediately contacted law enforcement agencies.
It admitted that the hackers, who targeted one particular Carnival brand, had downloaded files which could ‘result in potential claims from guests, employees, shareholders, or regulatory agencies’.
Carnival said it detected a so-called ‘ransomware’ attack on Saturday, and immediately contacted law enforcement agencies
But it declined to reveal which brand or how many passengers had been affected, or what personal data was stolen.
The firm is investigating what happened, and has taken steps to beef up the security of its IT systems.
As well as its eponymous brand, the company also operates under Princess Cruises, Holland America Line, Seabourn, P&O, Costa Cruises, AIDA Cruises and Cunard.
In a normal year, Carnival hosts almost 13m guests, leading to fears that the personal details of thousands of customers may have been siphoned off by criminals.
Although it said that it thought that no other brands were targeted by the hackers, it warned ‘there can be no assurance that other information technology systems of the other brands will not be adversely affected’.
Consumer group Which? urged people who have booked cruises with Carnival to check their bank accounts and credit report, change passwords, and to guard against suspicious emails from fraudsters.
Kate Bevan, computing editor at Which? said: ‘Carnival customers will be alarmed that their data could have fallen into the hands of hackers who might try to exploit it, so it is vital that the company is now transparent and upfront with potential victims and supports them in taking measures to protect themselves.’
The attack is the latest blow for the cruise giant, which has endured a torrid year due to the coronavirus pandemic.
It has been forced to cancel most voyages this year, after outbreaks on several of its ships.
Passengers and workers on board liners including the Diamond Princess, the Grand Princess and the Zaandam died from the virus, while hundreds more were stranded at sea when the ships were unable to dock.
Carnival has desperately been trying to attract bookings to fill its boats when regulators allow them to begin sailing.
The discovery of a cyber attack at the weekend came as it unveiled its new Mardi Gras ship, its largest liner to date which is replete with an on-board rollercoaster and can carry up to 6,500 passengers. The enormous vessel is set to begin sailing from Florida next February.
The US Centers for Disease Control and Prevention has banned cruise voyages until at least September 30, and UK guidance still advises against cruise ship travel.
Carnival has cancelled all voyages in the US until October 31, which is in line with guidance from the Cruise Lines International Association.