- Carnival confirmed a supply chain breach affecting its Holland America Line loyalty program, with millions of customer records exposed
- ShinyHunters claimed responsibility and leaked 8.7 million records including personal information and millions of unique email addresses
- Carnival acknowledges the incident and notified authorities, but downplays the scope, describing it as a phishing compromise of a single account
Carnival Corporation has confirmed that it suffered a supply chain attack that resulted in the loss of sensitive data belonging to millions of customers.
As the world’s largest cruise line, Carnival owns several brands that operate passenger cruise ships and offer leisure travel options. One of its subsidiaries is Holland America Line, a premium cruise line that operates mid-sized ships and has a loyalty program called Mariner Society.
The infamous ShinyHunters collective added Holland America Line to its data leak website and claimed to have taken 8.7 million records, including names, dates of birth, gender and membership status details.
Confirmation of the breach
The hackers apparently leaked the data because Holland America Line never bothered to discuss a ransom:
“The company failed to reach an agreement with us despite our incredible patience,” the group reportedly said. “They don’t care.”
In those 8.7 million records, there were at least 7.5 million unique email addresses, the breach database Have I Been Pwned? noticed.
In a statement given to Cruise Hive, Carnival said it “acted quickly” to shut down the attack as soon as it was discovered and made sure the intruders were out before notifying the police as well.
“Data protection and privacy is extremely important to Carnival Corporation and we work closely with trusted global security experts to be thoughtful and judicious in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate,” a spokesperson said.
“If we determine that personal information was affected, we will follow all disclosure requirements and communicate directly with all affected individuals.”
The company reportedly severely downplayed the importance of the incident, telling Have I Been Pwned? that the breach involved a phishing attack against a single user account.
Via The Register



