New blow for virus-hit cruise giant as hackers target customer data
A CRUISE ship firm badly hit by the Covid crisis has admitted that hackers may have accessed customers’ personal details.
Carnival – which had 13 million customers a year before the pandemic – has warned that it discovered a cyber-attack over the weekend.
A statement from the world’s biggest cruise ship operator read: “We expect the security event included unauthorised access to personal data of guests and employees, which may result in potential claims.”
It is the latest blow for the AngloAmerican company, which has seen its share price slump by 75 per cent since the pandemic started.
Two of its ships, the Grand Princess and Diamond Princess, were forced into quarantine as more than 800 people aboard them tested positive for coronavirus.
Fallout
Thirteen people who had been on the Diamond Princess died after contracting the disease.
Carnival said it had told regulators about the ransomware attack, which got into encrypted parts of its computer systems.
It added that hackers were able to download “certain of our data files”.
But the company declined to say what brand was affected and how many customers or staff have been impacted.
Cyber-security expert Anurag Kahol, from Bitglass, said: “The travel industry is an extremely attractive target to cyber-criminals.
“They can collect and store personally identifiable information on billions of passengers every year, including passport numbers, credit card information, email addresses and much more.”
Dan Panesar, UK and Ireland director at Securonix, also predicted significant fallout for the company.
He said: “It appears the attackers have used the classic diversion of a ransomware attack to divert attention from the real focus of the attack, which was to steal valuable and sensitive data.”
But Carnival was bullish in its statement to the financial markets about the implications of the hack.
It said: “Based on its preliminary assessment and on the information currently known the company does not believe the incident will have a material impact on its business, operations or financial results.” The company has already hired lawyers to deal with potential claims and is working with “industry-leading cybersecurity firms” to respond to the threat, it said.
Pre-Covid, the company employed 150,000 people. As well as Carnival Cruise Line and Princess Cruises, it also runs the Costa, P&O Australia, P&O Cruises, Holland American Line, AIDA, Cunard and Seabourn brands.