• Home
  • Ransomware
  • Carnival Corporation & PLC hit by a data breach in Miami, FL, USA
Ransomware cyber

Carnival Corporation & PLC hit by a data breach in Miami, FL, USA

Mar 1, 2021 1 min read
Carnival Corporation & PLC hit by a data breach in Miami, FL, USA

In March 2021, Carnival Corp., a Miami-based cruise operator, suffered a **ransomware attack** initiated via a phishing email. The attackers infiltrated the IT system of one of its cruise liners, gaining unauthorized access to **personal data of both employees and customers**. While the breach was detected on March 19th, the company assessed the risk of data misuse as **low**. This incident was part of a broader pattern, as Carnival Corp. had endured **multiple ransomware attacks over a two-year period**, exposing vulnerabilities in its cybersecurity defenses. The compromised data included sensitive information, though the full extent of the exploitation remains unclear. The attack disrupted internal systems and raised concerns over **customer trust and regulatory compliance**, given the scale of exposed personal records.

Source: https://hospitalitytech.com/carnival-discloses-fourth-data-breach-two-years#:~:text=Breach%20happened%20on%20March%2019,a%20cybersecurity%20firm%20to%20investigate.

TPRM report: https://www.rankiteo.com/company/carnival-cruise-line

"id": "car327092125",
"linkid": "carnival-cruise-line",
"type": "Ransomware",
"date": "3/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': True,
                        'industry': 'cruise/travel',
                        'location': 'Miami, Florida, USA',
                        'name': 'Carnival Corp.',
                        'type': 'corporation'}],
 'attack_vector': 'email',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2021-03-19',
 'description': 'In March 2021, Carnival Corp. experienced a data breach where '
                'attackers used email to gain unauthorized access to the IT '
                'system of one of its cruise liners. The breach compromised '
                'personal information of staff and customers. The company '
                'detected the unauthorized access on March 19, 2021, with '
                'evidence suggesting a low likelihood of misuse of the stolen '
                'data. This was part of a ransomware-based attack that '
                'Carnival Corp. endured over a span of about two years.',
 'impact': {'data_compromised': ['personal information of staff and customers'],
            'identity_theft_risk': 'low likelihood',
            'systems_affected': ["limited proportions of the company's "
                                 'information systems']},
 'initial_access_broker': {'entry_point': 'email'},
 'ransomware': {'data_exfiltration': True},
 'title': 'Carnival Corp. Data Breach and Ransomware Attack (2021)',
 'type': ['data breach', 'ransomware attack']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.