Jump to content

Carnival IT breach


Colin_Cameron
 Share

Recommended Posts

Saw this on Cunard's FB page yesterday but didn't think too much about it:

"We are sorry but our UK, European and Australian contact centres remain closed today due to an IT issue over the weekend which has affected our telephone system. We apologise for this and we are working to resolve it as soon as possible. In the meantime, please visit our website for inspiration, information and bookings."

 

Then, this started appearing on several IT and financial sites:

"Carnival hit by ransomware attack, guest and employee data accessed  

(Reuters) - Cruise operator Carnival Corp (CCL.N) said on Monday it launched an investigation into a ransomware attack on one of its brand’s information technology systems.

Carnival, which operates AIDA, Carnival and Princess cruises among others, in a regulatory filing said the attack included unauthorized access to personal data of guests and employees.

The company did not identify the brand that was affected and declined to provide more details, as the investigation process was at an early stage."

 

It does not mean that it was the Cunard system that was breached. Shutting down other systems in the Corp. & PLC could be part of the containment actions. Does anyone know if other brands are also 'offline'?

Link to comment
Share on other sites

They have my name , address , dob on my account, which leaves me open to identify theft

 

They should have deleted  credit card details  after refund, and passport details should have deleted as when last cruise was cancelled  and luckily I  haven't inputted them yet for 2022 cruise. But who knows what they keep in back up.

 

As Majortom said worrying,  let's see how long it takes them to contact us. My bet is never.

 

Working from home is not always as secure as working from office. It can be but that takes time and investment. 

 

 

Link to comment
Share on other sites

52 minutes ago, majortom10 said:

It is widely reported here in the UK that Carnival UK i.e. Cunard/P&O computer system has been hacked and customers data has been accessed very worrying.

Where have you seen that reported ? All the reports I have seen say that Carnival haven't identified the brand affected or whether it was a UK or US attack.

  • Like 1
Link to comment
Share on other sites

Someone called Molecrochip on the P&O forum says:

 

Whilst I don’t have firm confirmation, I don’t believe it was a UK based brand that was attacked. 
 

Believe that related UK systems were taken offline as precaution whilst attack is investigated and understood.

  • Like 1
Link to comment
Share on other sites

Been trying to call them since Monday and can't
Monday recorded message said they were closed due to IT issues then disconnected you
Facebook/Twitter yesterday said the same
Facebook/Twitter today says open but they can't access bookings so they will only answer general ship queries

Not exactly sterling service - appreciate they are trying to deal with this IT breach but they should call it like it is and say "Due to the widely publicised IT breach we are closed trying to secure systems etc" 

I also find it strange they still have yet to confirm which brands and jurisdictions were compromised 
I could be sarcastic and say Cunards IT is so bad I doubt the hacker would even go near it for fear of ending up down one of those broken links to nowhere!

Link to comment
Share on other sites

If Carnival are complying with GDPR legislation then all data should be encrypted (and if they're not GDPR compliant then that's a big problem).

 

As others have said we don't know what Carnival brand is affected by this. But I'm not hugely worried personally as I'd hope stuff was encrypted as above.

 

I suspect this is something like a network share was left open for people working remotely or similar. One machine had a ransomware installed (e.g. someone gets emailed a dodgy attachment) then it spread via the network share to other machines (e.g. servers) and encrypted them. Hopefully they had good back ups!

 

(i do this kind of stuff for my job!)

Link to comment
Share on other sites

On 8/20/2020 at 8:20 PM, Ynox said:

If Carnival are complying with GDPR legislation then all data should be encrypted (and if they're not GDPR compliant then that's a big problem).

 

As others have said we don't know what Carnival brand is affected by this. But I'm not hugely worried personally as I'd hope stuff was encrypted as above.

 

I suspect this is something like a network share was left open for people working remotely or similar. One machine had a ransomware installed (e.g. someone gets emailed a dodgy attachment) then it spread via the network share to other machines (e.g. servers) and encrypted them. Hopefully they had good back ups!

 

(i do this kind of stuff for my job!)

 

Many companies unfortunately rely on Windows servers, as well as Windows desktops for staff - Windows is the most vulnerable operating system to cyber attack - if Carnival's companies were using Linux servers they would have been hugely less vulnerable.  Sadly this has not been taken on board by a lot of companies and organisations. Those companies who invested in Linux systems and expertise are in a much better position than those who have not.  Either way I do hope that Cunard is not the brand impacted in this event, but I suppose information will emerge in due course - and hopefully the significant number of Cunard customers have not had their personal data exposed to the possibility of further attack at a personal level. It does take time for companies to try to recover from cyber attack events - hopefully it won't be too long - but in some cases (eg the recent Blackbaud exposure) it can be a month or two before information is released - hopefully in this case it will be a lot sooner!

  • Like 1
Link to comment
Share on other sites

On 8/21/2020 at 10:04 PM, mcloaked said:

 

Many companies unfortunately rely on Windows servers, as well as Windows desktops for staff - Windows is the most vulnerable operating system to cyber attack - if Carnival's companies were using Linux servers they would have been hugely less vulnerable.  Sadly this has not been taken on board by a lot of companies and organisations. Those companies who invested in Linux systems and expertise are in a much better position than those who have not.  Either way I do hope that Cunard is not the brand impacted in this event, but I suppose information will emerge in due course - and hopefully the significant number of Cunard customers have not had their personal data exposed to the possibility of further attack at a personal level. It does take time for companies to try to recover from cyber attack events - hopefully it won't be too long - but in some cases (eg the recent Blackbaud exposure) it can be a month or two before information is released - hopefully in this case it will be a lot sooner!

 

Agreed. From memory Carnival UK's IT systems are on Windows - they're a Microsoft place. I saw a solutions architect role advertised that I was kind of tempted to apply for but my experience is more on the Java / Linux side than MS.

Link to comment
Share on other sites

  • 1 month later...

This may be old news by now, but I noticed this yesterday. Carnival announced on Tuesday that the August IT breach involved three of their cruise brands: Carnival Cruise Line, Holland America Line and Seabourn (as well as casino operations). Here's a link to the press release.

 

https://www.carnivalcorp.com/news-releases/news-release-details/carnival-corporation-plc-update-cyber-event

Edited by bluemarble
  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Forum Jump
    • Categories
      • Thank You for 25 Years - Click for Fun Stuff!
      • Forum Assistance
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Digital Photography & Cruise Technology
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • Canadian Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...