Ransomware cyber

Carnival Corp.

Mar 1, 2021 1 min read
Carnival Corp.

In March 2021, Carnival Corp., a Miami-based cruise company, suffered a **ransomware attack** initiated via a phishing email. The attackers breached the IT system of one of its cruise liners, gaining unauthorized access to **personal data of both employees and customers**. While the intrusion was detected on **March 19th**, the company assessed that the **likelihood of misuse of the stolen data was low**. This incident was part of a recurring pattern, as Carnival Corp. had endured **multiple ransomware attacks over a two-year period**, highlighting persistent vulnerabilities in its cybersecurity defenses. The breach exposed sensitive information, though the full scale of the financial, reputational, or operational damage was not explicitly detailed in the report.

Source: https://www.documentcloud.org/documents/20949884-carnival-march-bc-data-breach-notice

TPRM report: https://www.rankiteo.com/company/carnival-corporation

"id": "car913092125",
"linkid": "carnival-corporation",
"type": "Ransomware",
"date": "3/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'yes (number unspecified)',
                        'industry': 'cruise line / hospitality',
                        'location': 'Miami, Florida, USA',
                        'name': 'Carnival Corp.',
                        'type': 'corporation'}],
 'attack_vector': 'email (phishing or credential compromise)',
 'data_breach': {'data_exfiltration': 'yes',
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'moderate (personal information)',
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2021-03-19',
 'description': 'In March 2021, Carnival Corp. experienced a data breach where '
                'attackers used email to gain unauthorized access to the IT '
                'system of one of its cruise liners. The breach resulted in '
                'the exposure of personal information of staff and customers. '
                'The company detected the unauthorized access on March 19, '
                '2021, with evidence suggesting a low likelihood of misuse of '
                'the stolen data. This was part of a ransomware-based attack '
                'that Carnival Corp. endured over a span of about two years.',
 'impact': {'data_compromised': ['personal information of staff',
                                 'personal information of customers'],
            'identity_theft_risk': 'low likelihood (as per company assessment)',
            'systems_affected': ['IT system of one cruise liner']},
 'initial_access_broker': {'entry_point': 'email',
                           'high_value_targets': ['IT system of one cruise '
                                                  'liner']},
 'investigation_status': 'detected (2021-03-19); ongoing or unresolved details '
                         'unspecified',
 'ransomware': {'data_exfiltration': 'yes'},
 'title': 'Carnival Corp. Data Breach and Ransomware Attack (March 2021)',
 'type': ['data breach', 'ransomware attack']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.