Hackers stole employee and customer data from cruise company Carnival Corporation

In August of this year, we reported that the world’s largest cruise company, Carnival Corporation, was attacked by an unnamed ransomware. Now it turned out that hackers stole the data of employees and customers from Carnival Corporation.

“It is assumed that the hackers could have stolen files from the network of the affected company, therefore, gaining access to the personal data of some employees and customers”, – wrote cybersecurity experts after the accident.

Now Carnival Corporation has submitted new documents to the Securities and Exchange Commission, where it has officially confirmed that the criminals have stolen the personal information of some customers, employees and crew members.

It is reported that such a conclusion was reached by third-party information security auditors hired by Carnival Corporation to investigate the incident. Now the cruise giant has notified regulators and law enforcement agencies about the incident, but the company emphasizes that the stolen data has not been abused yet.

“Carnival Corporation may have been compromised due to vulnerability CVE-2019-19781, which affects several versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, and two older versions of Citrix SD-WAN WANOP”, – believe experts of the Bad Packets company.

This problem was discovered at the end of 2019, and even that time analysts warned that more than 80,000 vulnerable servers could be found in the public domain, that is, the problem threatened tens of thousands of companies from 158 countries.

Also, according to experts, the problem could lie in the CVE-2020-2021 vulnerability found in PAN-OS, an operating system running on firewalls and corporate VPN devices manufactured by Palo Alto Networks.

Let me also remind you that we wrote that XHunt cybercriminal band attacked Gulf shipping companies.