Pictured: A Carnival cruise docked in Long Beach last March. This year, Carnival has disclosed two data breach incidents – one involving ransomware. (Brittany Murray/MediaNews Group/Long Beach Press-Telegram via Getty Images)
After falling victim to two confirmed cyberattacks, and a possible third, since 2019, Carnival Corporation & plc has experts suggesting that the cruise operator – already imperiled by Covid-19’s impact on the travel industry – may need to institute major reforms to its security program and policies before suffering further damage to its reputation.
Earlier this week, the $20.8 billion corporation acknowledged in a news release and an 8-K filing with the Securities and Exchange Commission that one of its cruise brands suffered an Aug. 15 ransomware attack during which the threat actors “accessed and encrypted a portion of one [cruise liner] brand’s information technology systems” and also exfiltrated sensitive customer information – potentially for extortion purposes. The disclosure came just months after the company separately announced last March that its Princess and Holland Cruise Line operations in 2019 carnival right after breaches threaten travelers trust
