Hackers stole employee and customer data from cruise company Carnival Corporation

In August of this year, we reported that the world’s largest cruise company, Carnival Corporation, was attacked by an unnamed ransomware. Now it turned out that hackers stole the data of employees and customers from Carnival Corporation.

Then, in a statement to the US Securities and Exchange Commission, it was reported that the attackers were able to gain access to the systems of an unnamed subsidiary brand of Carnival Corporation and encrypted files on the affected machines.

“It is assumed that the hackers could have stolen files from the network of the affected company, therefore, gaining access to the personal data of some employees and customers”, – wrote cybersecurity experts after the accident.

Now Carnival Corporation has submitted new documents to the Securities and Exchange Commission, where it has officially confirmed that the criminals have stolen the personal information of some customers, employees and crew members.

It is reported that such a conclusion was reached by third-party information security auditors hired by Carnival Corporation to investigate the incident. Now the cruise giant has notified regulators and law enforcement agencies about the incident, but the company emphasizes that the stolen data has not been abused yet.

“Carnival Corporation may have been compromised due to vulnerability CVE-2019-19781, which affects several versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, and two older versions of Citrix SD-WAN WANOP”, – believe experts of the Bad Packets company.

This problem was discovered at the end of 2019, and even that time analysts warned that more than 80,000 vulnerable servers could be found in the public domain, that is, the problem threatened tens of thousands of companies from 158 countries.

Also, according to experts, the problem could lie in the CVE-2020-2021 vulnerability found in PAN-OS, an operating system running on firewalls and corporate VPN devices manufactured by Palo Alto Networks.

Carnival Corporation is currently the world’s largest multinational cruise tourism company. It brings together over 20 subsidiary cruise lines, including Carnival Cruise Lines, Princess Cruises, Holland America Line and Seabourn Cruise Line, P&O Cruises, Cunard Line, Ocean Village, AIDA Cruises, Costa Cruises and P&O Cruises Australia.

The Carnival Corporation owns more than 600 ships and employs 150,000 people serving more than 13,000,000 people annually.

Let me also remind you that we wrote that XHunt cybercriminal band attacked Gulf shipping companies.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

US sanctions for Triton malware

US authorities imposed sanctions on a Russian institution associated with Triton malware

The US Treasury Department announced the imposition of sanctions on the Central Research Institute of …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.