- Carnival confirmed that their April ransomware attack affected 5,995,277 people
- Stolen data included names, dates of birth, gender, membership details
- ShinyHunters leaked the data after failed ransom negotiations
Carnival Corporation, the world’s largest cruise line, said it began notifying people affected by the ransomware attack in April, putting the number of victims at just under six million.
At the end of April this year, the company confirmed that it suffered a supply chain attack and lost sensitive data on millions of customers. As the world’s largest cruise line, Carnival operates several brands, including Holland America Line. It was this subsidiary that was targeted by the infamous ShinHunters collective, which listed it on its data leak site and claimed to have taken 8.7 million records.
Among the stolen data were names, dates of birth, gender and membership status information and Have I Been Pwned? later added that about 7.5 million emails were also compromised.
Stolen credentials through phishing
Now, the company has filed a new report with the Maine Attorney General’s Office, sharing a sample of the letter sent to affected individuals and reporting exactly 5,995,277 victims.
In the letter, Carnival said the attack occurred on April 14 after hackers socially engineered an employee to share access to “a limited portion of the company’s IT system.” The company also said it is now offering 24 months of free membership with TransUnion’s credit monitoring services to help mitigate any potential fallout.
ShinyHunters leaked the Carnival data on the dark web shortly after the breach, saying negotiations with the company broke down. “The company failed to reach an agreement with us despite our incredible patience,” the group reportedly said. “They don’t care.”
At one time, ShinyHunters released data on about 40 different organizations, including Mytheresa, Zara, 7-Eleven, Pitney Bowes and Carnival.
“Carnival Corporation takes the privacy and security of your information seriously,” the company stressed in the letter. “We deeply regret this incident and any concern it may cause.”
Via The register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
