Jump to content
Cruise Critic Community

Carnival Data Breach

JT1962

By JT1962,
in Carnival Cruise Lines

 Share

Recommended Posts

BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted
57 minutes ago, xDisconnections said:

I think the big players in cruising and even travel were down today. Royal went down quite a bit- didn't they have some type of debt offering or convertible notes or something?

I don't follow RCL but it looks like a couple of days ago they said they are trying to raise a billion dollars.

 

On Carnival, we learned the cruise lines impacted - Carnival, Holland, and Seabourn

 

Carnival Corporation (CCL -6.9%) plunges after disclosing a data breach that could affect customers' user information.

CCL says in August an unauthorized party gained access to a company database which includes personal information relating to some guests, employees and crew for three of the corporation's brands -- Carnival Cruise Line, Holland America Line and Seabourn, as well as casino operations.

The company engaged a major cybersecurity firm to investigate the matter and notified law enforcement and appropriate regulators of the event and took steps to recover its files, has evidence indicating a low likelihood of the data being misused.

The company is working to identify the guests, employees, crew and other individuals whose personal information may have been impacted and expects to complete this process within the next 30 to 60 days and will then send notifications to potentially affected individuals whose current contact information is available to the company.

Link to comment
Share on other sites
Moviela

Moviela

Posted
Posted

I cannot understand how multi-billion dollar companies cannot keep sensitive data secure. There is nothing that is totally secure, but you can keep the bad actors at bay with effective counter measures, including those that prevent social engineering and disgruntled employees. 

Link to comment
Share on other sites
pe4all

pe4all

Posted
Posted
13 hours ago, JT1962 said:

Just what Carnival and the cruise industry needed this year, more issues.

 

 

 

 

And just what we need - another thing to worry about.  Don't care about the names/addresses/phone # but not thrilled that dob/passport/ss # info may be out there.

Link to comment
Share on other sites
ProgRockCruiser

ProgRockCruiser

Posted
Posted
2 hours ago, Moviela said:

I cannot understand how multi-billion dollar companies cannot keep sensitive data secure. There is nothing that is totally secure, but you can keep the bad actors at bay with effective counter measures, including those that prevent social engineering and disgruntled employees. 

Because the most important part of good cybersecurity still relies on humans to not click that link in a spoof/phishing email.

 

You'd be amazed at how fallible/gullible some people are...

  • Like 6
Link to comment
Share on other sites
john91498

john91498

Posted
Posted
27 minutes ago, fyree39 said:

https://digitalguardian.com/blog/top-10-biggest-us-government-data-breaches-all-time

 

It's probably way too late to worry about bad actors having your information. At least I wasn't a part of Tricare when they got hacked. 

 

Yep, my credit watch dog company alerted me that all my bank accounts, investment accounts and credit card accounts were found on-line. Was a huge hassle to close all those accounts I had for decades.

Link to comment
Share on other sites
crewsweeper "Live from...." Rare

crewsweeper

Posted
Posted

They're not going to tell you who or what, but given that the article said "SOME" passengers and crew and CASINO operations, if you don't play in the casino, you're probably ok.  If you're PLAYERS CLUB,  you may want to check with your credit cards or "LifeLock" type security.

  • Like 1
Link to comment
Share on other sites
jimbo5544 "Live from...." Rare

jimbo5544

Posted
Posted (edited)
6 hours ago, Moviela said:

I cannot understand how multi-billion dollar companies cannot keep sensitive data secure. There is nothing that is totally secure, but you can keep the bad actors at bay with effective counter measures, including those that prevent social engineering and disgruntled employees. 

It happens to everybody.  From the real experts: it is not a matter of if, but when.   The bad guys adapt to countermeasures with increased efficiency and skill.  Most would agree that the skill level is better on the bad guys side.  

Edited by jimbo5544
  • Like 1
Link to comment
Share on other sites
jimbo5544 "Live from...." Rare

jimbo5544

Posted
Posted
4 hours ago, ProgRockCruiser said:

Because the most important part of good cybersecurity still relies on humans to not click that link in a spoof/phishing email.

 

You'd be amazed at how fallible/gullible some people are...

Bingo

 

  • Like 1
Link to comment
Share on other sites
BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted
6 hours ago, Moviela said:

I cannot understand how multi-billion dollar companies cannot keep sensitive data secure. There is nothing that is totally secure, but you can keep the bad actors at bay with effective counter measures, including those that prevent social engineering and disgruntled employees. 

Once they connect to the Internet, it's game over.

 

Same with physical security of your home or business. or computer center. If someone wants in bad enough, they will find or make a way.

Link to comment
Share on other sites
crewsweeper "Live from...." Rare

crewsweeper

Posted
Posted
2 hours ago, ontheweb said:

They should hire the bad guys to find the holes in their security.

They do.   But there are more bad than good.  

Some of these are just young hackers sitting in their basements, find out how easy it is to do and maybe make a little $ for that next game..  Many are "professional", reside in China or Russia or other countries and are doing things intentionally.

  • Like 2
Link to comment
Share on other sites
bitemyfly

bitemyfly

Posted
Posted

Ccl because if it size , amount of transactions and being a public company are mandated thru several ways .

PCI being one of them .

i know for a fact they are required by law proper architecture to isolate data , along with protocols to continually protect.they are mandated have onsite audits, continues network scans .

unfortunately with many companies going to skeleton crews these are the first thing that slip .. systems go unpatched and holes are opened and exploited.

this breach and how he it occurred and what exactly was exploited will ultimately  be published.
I know of three breach of pii data in large for profit companies.. Not Ccl -all due to lack of upkeep and maintenance due to layoffs .

all under control of the co but short sighted penny wise /dollar foolish.

Giant fines for non compliance!

 

Link to comment
Share on other sites
bitemyfly

bitemyfly

Posted
Posted
1 hour ago, crewsweeper said:

They do.   But there are more bad than good.  

Some of these are just young hackers sitting in their basements, find out how easy it is to do and maybe make a little $ for that next game..  Many are "professional", reside in China or Russia or other countries and are doing things intentionally.

carnival does every year , they must an outside info sec co do at a Bare minimum penetration tests for internal, external, social engineering and physical. they are usually contracted for and are unannounced .

With proper upkeep it brings the risk way way down.. 

Most foreign gov are after IP or surveillance,  not credit cards or pii data , North Korea being the exception 

Link to comment
Share on other sites
BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted
1 hour ago, bitemyfly said:

carnival does every year , they must an outside info sec co do at a Bare minimum penetration tests for internal, external, social engineering and physical. they are usually contracted for and are unannounced .

With proper upkeep it brings the risk way way down.. 

Most foreign gov are after IP or surveillance,  not credit cards or pii data , North Korea being the exception 

and every year there are security breaches. I've lost count of how many years of free credit monitoring services I am entitled to.

Link to comment
Share on other sites
Organized Chaos

Organized Chaos

Posted
Posted
14 hours ago, pe4all said:

And just what we need - another thing to worry about.  Don't care about the names/addresses/phone # but not thrilled that dob/passport/ss # info may be out there.

 

I'm assuming the SS# are from employees & crew. As passengers, we don't give our SS# for the booking process.

 

It irks me that they collect our passport numbers. I don't know why we can't just check off the passport option during online check-in without including the number. They check them at the terminal, that should be enough.

Link to comment
Share on other sites
BlerkOne "Live from...." Rare

BlerkOne

Posted
Posted
3 minutes ago, Organized Chaos said:

 

I'm assuming the SS# are from employees & crew. As passengers, we don't give our SS# for the booking process.

 

It irks me that they collect our passport numbers. I don't know why we can't just check off the passport option during online check-in without including the number. They check them at the terminal, that should be enough.

 

What could someone do with a passport number? Don't all US passports have RFID chips these days?

Link to comment
Share on other sites
Organized Chaos

Organized Chaos

Posted
Posted
13 hours ago, ProgRockCruiser said:

Because the most important part of good cybersecurity still relies on humans to not click that link in a spoof/phishing email.

 

You'd be amazed at how fallible/gullible some people are...

 

Their "information technology systems," as they call it, weren't breached because people may have clicked on phishing emails.

 

11 hours ago, crewsweeper said:

They're not going to tell you who or what, but given that the article said "SOME" passengers and crew and CASINO operations, if you don't play in the casino, you're probably ok.  If you're PLAYERS CLUB,  you may want to check with your credit cards or "LifeLock" type security.

 

They're working on figuring out whose data was taken and they'll start notifying those people, possibly within 30-60 days. It went beyond casino players. It likely includes data collected during the booking process as well, which is millions of people booked at any given time. For what it's worth, they're claiming that their evidence shows there's a "low likelihood of the data being misused." Take that with a grain of salt. For some people, it could be months, a year, or more for them to see any fraudulent activity. The data taken during these breaches are often sold en masse online. Bad guys often buy up large lots of this information and it takes a while to work through all of it. I have a relative who got caught up in the huge Target breach several years ago, but she didn't know it until the bad guys started using her credit card a year later.

Link to comment
Share on other sites
shof515 "Live from...." Rare

shof515

Posted
Posted
7 hours ago, Organized Chaos said:

 Bad guys often buy up large lots of this information and it takes a while to work through all of it. I have a relative who got caught up in the huge Target breach several years ago, but she didn't know it until the bad guys started using her credit card a year later.

 

years ago i was involved with the Home Depot data breach and that was the first time i ever seen fraudulent activity on my credit card

Link to comment
Share on other sites
pe4all

pe4all

Posted
Posted

Unfortunately we have been "victims" a few times. (Target, American Airlines)  Our credit card companies seem to be really good in "recognizing" fraudulent charges, and putting a hold on a card until we okay the transaction.  It is a pain sometimes until we contact the fraud dept., and sometimes the transaction is cancelled if we don't respond immediately but worth it in the long run.   Hoping we are missed in the CCL breach, as we play in the casino.  I am sure people will post somewhere on this board if CCL informs them they have been breached.  I know I will - lol.

  • Like 1
Link to comment
Share on other sites
ProgRockCruiser

ProgRockCruiser

Posted
Posted
10 hours ago, Organized Chaos said:

It irks me that they collect our passport numbers. I don't know why we can't just check off the passport option during online check-in without including the number. They check them at the terminal, that should be enough.

They provide the Passport or other pre-check-in info to CBP and other authorities to verify whether you should cruise, etc.  Part of the detailed passenger manifest info required by law, AFAIK.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
  • Forum Jump
    • Categories
      • Welcome to Cruise Critic
      • ANNOUNCEMENT: Set Sail Beyond the Ordinary with Oceania Cruises
      • ANNOUNCEMENT: The Widest View in the Whole Wide World
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Cruise Critic News & Features
      • Digital Photography & Cruise Technology
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • Canadian Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...