- Carnival confirmed a supply‑chain breach affecting its Holland America Line loyalty program, with millions of customer records exposed
- ShinyHunters claimed responsibility, leaking 8.7 million records including personal details and millions of unique email addresses
- Carnival acknowledges incident and notifies authorities, but downplays scope, describing it as a phishing compromise of a single account
Carnival Corporation has confirmed suffering a supply-chain attack which resulted in the loss of sensitive data belonging to millions of customers.
As the world’s largest cruise company, Carnival operates multiple brands which run passenger cruise ships and offer leisure travel options. One of its subsidiaries is Holland America Line, a premium cruise line that operates mid-sized ships, and has a loyalty program called Mariner Society.
The infamous ShinyHunters collective added Holland America Line to its data leak website, claiming to have taken 8.7 million records, including names, dates of birth, genders, and membership status details.
Confirming the breach
The hackers apparently leaked the data because Holland America Line never bothered to discuss a ransom payment:
“The company failed to reach an agreement with us despite our incredible patience,” the group allegedly said. “They don’t care.”
In those 8.7 million records, there were at least 7.5 million unique email addresses, breach database Have I Been Pwned? noted.
In a statement given to Cruise Hive, Carnival said it “acted quickly” to shut down the attack as soon as it was spotted, made sure the intruders stayed out, and then notified police.
“Data privacy and protection are extremely important to Carnival Corporation and we’re working closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate,” a spokesperson said.
“If we determine personal information was affected, we will follow all disclosure requirements and communicate directly with any impacted individuals.”
The company allegedly severely downplayed the importance of the incident, telling Have I Been Pwned? that the breach involved a phishing attack against a single user account.
Via The Register





