Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management
Carnival Cruise Ship Firm Investigating Ransomware AttackSEC Filing Warns That Customer and Employee Data Likely Compromised
Carnival Corp., the world's largest cruise ship company, is investigating an Aug. 15 ransomware attack that likely compromised customer and employee data, according to its filing with the U.S. Securities and Exchange Commission.
The hackers apparently encrypted part of an IT system for one of Carnival’s brands and downloaded data, the company says.
"We expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders or regulatory agencies," according to the company's filing. "Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected."
Carnival is investigating the incident and has contacted law enforcement as well as third-party security companies. The company notes in its SEC filing that it has "implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology system."
The SEC filing did not name the strain of ransomware involved or indicate if Carnival had received a ransom note or was directly dealing with the attackers.
A company spokesperson declined to comment.
This is the second time this year that Carnival has reported a security incident that affected customers' data.
In March, the company filed a notification with the California attorney general's office of a possible data breach that took place between April and June of 2019. In that case, hackers appear to have compromised customer data, including name, address, Social Security number, government identification number - such as passport number or driver’s license number - credit card and financial account information and health-related information.
Over the past several months, reports of ransomware attacks have steadily increased as more companies find themselves victims of this crypto-locking malware.
For example, Canon USA is recovering from a recent ransomware incident (see: Maze Reportedly Posts Exfiltrated Canon USA Data).
Attackers are also demanding bigger payouts. This week, incident response firm Coveware released statistics that show the average ransom paid by a victim rose 60% to $178,254 in the second quarter, compared with the first quarter, based on its clients’ incidents (see: Ransomware Payday: Average Payments Jump to $178,000).
Steve Durbin, managing director of the Information Security Forum, says organizations need to ensure that their business continuity and disaster recovery plans would enable them to access files and rebuild systems after a ransomware incident.
"To protect against the scale and scope of these threats, an organization will be forced to rethink its defensive model, particularly its business continuity and disaster recovery plans," Durbin tells Information Security Media Group. "Established plans that rely on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure."
Managing Editor Scott Ferguson contributed to this report.