Cruise Operator Carnival Corporation Discloses Cyber Attack (Mar 5, 2020)
Holland America Line and Princess Cruises, two cruise lines belonging to Carnival Corporation, have revealed that following an investigation, an unauthorized third party had access to Personally Identifiable Information (PII) and financial information of some guests and employees. Carnival Corp. stated that the cyber attack was identified in May 2019, and that actions were taken at that time to prevent further unauthorized access. At the time of this writing, it is unknown the number of individuals that may be impacted by the breach. The unauthorized third party had access to credit card information, email addresses, names, and Social Security numbers of guests and employees.
Recommendation: Breaches of this sort may cause impacted individuals to be at a greater risk of phishing attacks. Actors can use this information to craft custom emails to increase their chances of malicious activity being approved by the recipient. Those impacted should consider identity theft protection services, and all individuals should regularly monitor their credit reports for suspicious activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.