Carnival cruise operator confirms nearly 6 million people affected in data breach

News
By published

A month after the breach, Carnival starts notifying affected individuals

A pink triangle with a red exclamation mark inside on a blue digital landscape
(Image credit: Getty Images)
  • Carnival confirmed its April ransomware attack affected 5,995,277 people
  • Stolen data included names, birth dates, genders, membership details
  • ShinyHunters leaked the data after failed ransom talks

Carnival Corporation, the world’s largest cruise company, said it began notifying people affected by the April ransomware attack, pinning the number of victims to just under six million.

In late April this year, the company confirmed suffering a supply-chain attack and losing sensitive data on millions of customers. As the world’s largest cruise company, Carnival operates multiple brands, including Holland America Line. It was this subsidiary that was struck by the infamous ShinHunters collective, who listed it on its data leak site, claiming to have taken 8.7 million records.

Among the stolen data were names, dates of birth, genders, and membership status details, and Have I Been Pwned? later added that around 7.5 million emails were compromised, as well.

Latest Videos From

Stolen credentials through phishing

Now, the company filed a new report with the Maine Attorney General’s Office, sharing a sample of the letter being sent to affected individuals, and reporting exactly 5,995,277 victims.

In the letter, Carnival said that the attack took place on April 14, after hackers social-engineered an employee into sharing access to “a limited portion of the company’s IT system.” The company also said it is now offering 24 months of free membership with TransUnion’s credit monitoring services, to help mitigate any potential fallout.

ShinyHunters leaked the Carnival data on the dark web soon after the breach, stating that the negotiations with the company broke down. "The company failed to reach an agreement with us despite our incredible patience," the group allegedly said. "They don't care."

All at once, ShinyHunters released data on around 40 different organizations, including Mytheresa, Zara, 7-Eleven, Pitney Bowes, and Carnival.

“Carnival Corporation takes the privacy and security of your information seriously,” the company stressed in the letter. “We deeply regret this incident and any concern it may cause.”

Via The Register

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.