Carnival IT breach

[Colin_Cameron]

Saw this on Cunard's FB page yesterday but didn't think too much about it:

"We are sorry but our UK, European and Australian contact centres remain closed today due to an IT issue over the weekend which has affected our telephone system. We apologise for this and we are working to resolve it as soon as possible. In the meantime, please visit our website for inspiration, information and bookings."

 

Then, this started appearing on several IT and financial sites:

"Carnival hit by ransomware attack, guest and employee data accessed  

(Reuters) - Cruise operator Carnival Corp (CCL.N) said on Monday it launched an investigation into a ransomware attack on one of its brand’s information technology systems.

Carnival, which operates AIDA, Carnival and Princess cruises among others, in a regulatory filing said the attack included unauthorized access to personal data of guests and employees.

The company did not identify the brand that was affected and declined to provide more details, as the investigation process was at an early stage."

 

It does not mean that it was the Cunard system that was breached. Shutting down other systems in the Corp. & PLC could be part of the containment actions. Does anyone know if other brands are also 'offline'?

[Host Hattie]

There are reports on other boards  (Princess & HAL) of problems with the websites and/or phone systems over the weekend.

[majortom10]

It is widely reported here in the UK that Carnival UK i.e. Cunard/P&O computer system has been hacked and customers data has been accessed very worrying.

Edited August 18, 2020 by majortom10

[Windsurfboy]

They have my name , address , dob on my account, which leaves me open to identify theft

 

They should have deleted  credit card details  after refund, and passport details should have deleted as when last cruise was cancelled  and luckily I  haven't inputted them yet for 2022 cruise. But who knows what they keep in back up.

 

As Majortom said worrying,  let's see how long it takes them to contact us. My bet is never.

 

Working from home is not always as secure as working from office. It can be but that takes time and investment. 

 

 

[Windsurfboy]

They say online booking is working , maybe for new customers,  but mine won't link to my account.

[Host Hattie]

52 minutes ago, majortom10 said:

It is widely reported here in the UK that Carnival UK i.e. Cunard/P&O computer system has been hacked and customers data has been accessed very worrying.

Where have you seen that reported ? All the reports I have seen say that Carnival haven't identified the brand affected or whether it was a UK or US attack.

[Ray66]

Someone called Molecrochip on the P&O forum says:

 

Whilst I don’t have firm confirmation, I don’t believe it was a UK based brand that was attacked. 
 

Believe that related UK systems were taken offline as precaution whilst attack is investigated and understood.

[BigMac1953]

Before everyone gets too excited and worked up, it might be better waiting for the facts.

 

As has been pointed out, it may well have nothing to do with the UK or Cunard.

 

No point in guessing.

 

[Windsurfboy]

Both Cunard and P&O websites won't link a new booking  to an account.  Presume either personal data has been taken off  line by carnival as a precaution , good. Or the've been ransomed,  bad.

 

Cant but wait and see. 

[mcloaked]

There is the direct SEC filing at https://www.sec.gov/ix?doc=/Archives/edgar/data/815097/000095014220002039/eh2001078_8k.htm and also the report at https://www.teiss.co.uk/carnival-corporation-ransomware-attack/

Edited August 18, 2020 by mcloaked
Added an extra link

[mcloaked]

It would normally be the case that the company would contact any customers whose data has been breached so that they are aware of the security implications. However that contact may not happen immediately.

[Victoria2]

Voyage personaliser is up and running again today. 

[Windsurfboy]

Voyage personaliser has always worked for  me but I  still can't access my  account,  where my details and preferences etc are stored

[Victoria2]

13 minutes ago, Windsurfboy said:

Voyage personaliser has always worked for  me but I  still can't access my  account,  where my details and preferences etc are stored

Access to my VPs have been hit and miss so you're one up on me. 

[Craigrlewis]

Been trying to call them since Monday and can't
Monday recorded message said they were closed due to IT issues then disconnected you
Facebook/Twitter yesterday said the same
Facebook/Twitter today says open but they can't access bookings so they will only answer general ship queries

Not exactly sterling service - appreciate they are trying to deal with this IT breach but they should call it like it is and say "Due to the widely publicised IT breach we are closed trying to secure systems etc" 

I also find it strange they still have yet to confirm which brands and jurisdictions were compromised 
I could be sarcastic and say Cunards IT is so bad I doubt the hacker would even go near it for fear of ending up down one of those broken links to nowhere!

[Ynox]

If Carnival are complying with GDPR legislation then all data should be encrypted (and if they're not GDPR compliant then that's a big problem).

 

As others have said we don't know what Carnival brand is affected by this. But I'm not hugely worried personally as I'd hope stuff was encrypted as above.

 

I suspect this is something like a network share was left open for people working remotely or similar. One machine had a ransomware installed (e.g. someone gets emailed a dodgy attachment) then it spread via the network share to other machines (e.g. servers) and encrypted them. Hopefully they had good back ups!

 

(i do this kind of stuff for my job!)

[mcloaked]

On 8/20/2020 at 8:20 PM, Ynox said:

If Carnival are complying with GDPR legislation then all data should be encrypted (and if they're not GDPR compliant then that's a big problem).

 

As others have said we don't know what Carnival brand is affected by this. But I'm not hugely worried personally as I'd hope stuff was encrypted as above.

 

I suspect this is something like a network share was left open for people working remotely or similar. One machine had a ransomware installed (e.g. someone gets emailed a dodgy attachment) then it spread via the network share to other machines (e.g. servers) and encrypted them. Hopefully they had good back ups!

 

(i do this kind of stuff for my job!)

 

Many companies unfortunately rely on Windows servers, as well as Windows desktops for staff - Windows is the most vulnerable operating system to cyber attack - if Carnival's companies were using Linux servers they would have been hugely less vulnerable.  Sadly this has not been taken on board by a lot of companies and organisations. Those companies who invested in Linux systems and expertise are in a much better position than those who have not.  Either way I do hope that Cunard is not the brand impacted in this event, but I suppose information will emerge in due course - and hopefully the significant number of Cunard customers have not had their personal data exposed to the possibility of further attack at a personal level. It does take time for companies to try to recover from cyber attack events - hopefully it won't be too long - but in some cases (eg the recent Blackbaud exposure) it can be a month or two before information is released - hopefully in this case it will be a lot sooner!

[Ynox]

On 8/21/2020 at 10:04 PM, mcloaked said:

 

Many companies unfortunately rely on Windows servers, as well as Windows desktops for staff - Windows is the most vulnerable operating system to cyber attack - if Carnival's companies were using Linux servers they would have been hugely less vulnerable.  Sadly this has not been taken on board by a lot of companies and organisations. Those companies who invested in Linux systems and expertise are in a much better position than those who have not.  Either way I do hope that Cunard is not the brand impacted in this event, but I suppose information will emerge in due course - and hopefully the significant number of Cunard customers have not had their personal data exposed to the possibility of further attack at a personal level. It does take time for companies to try to recover from cyber attack events - hopefully it won't be too long - but in some cases (eg the recent Blackbaud exposure) it can be a month or two before information is released - hopefully in this case it will be a lot sooner!

 

Agreed. From memory Carnival UK's IT systems are on Windows - they're a Microsoft place. I saw a solutions architect role advertised that I was kind of tempted to apply for but my experience is more on the Java / Linux side than MS.

[resistk]

Par for the course, Princess was breached a while back as well.  Apparently Carnival didn't want to invest in security, a pity really.

[majortom10]

11 hours ago, resistk said:

Par for the course, Princess was breached a while back as well.  Apparently Carnival didn't want to invest in security, a pity really.

Bet they wished they had now.

[bluemarble]

This may be old news by now, but I noticed this yesterday. Carnival announced on Tuesday that the August IT breach involved three of their cruise brands: Carnival Cruise Line, Holland America Line and Seabourn (as well as casino operations). Here's a link to the press release.

 

https://www.carnivalcorp.com/news-releases/news-release-details/carnival-corporation-plc-update-cyber-event

Edited October 15, 2020 by bluemarble