Carnival Hit by Data Breach: A Cyber Attack Too Could Send Stocks Tumbling Down
No corporate entity is safe from a cyber event. In the latest web of cyber breaches, the world’s largest leisure travel and cruise management company Carnival Corporation got entangled with a data breach incident. The company sent out a letter disclosing the extent of data breach and attack on privacy affecting IT systems supporting its personal information, financial and health information management systems. This is not the first time the cruise operator has been on the radar of cyber-attackers. In August 2020, it reportedly suffered a ransomware attack. That event took a swipe at the company’s corporate data that included customer and employee databases.
After announcing the data breach and hiring a cybersecurity firm to investigate the case, Carnival’s shares were down by 2%.
The second cyber incident within a year would negatively impact the company’s reputation, which recently announced resuming its services across regions. Recently, Carnival Corporation’s Ethics and Compliance (E&C) Program ended as a finalist for “Program of the Year” in Compliance Week’s 2021 Excellence in Compliance Awards!
Top Security Blog: Key Steps In Managing And Reporting A Cybersecurity Incident
We spoke to industry experts on the incident and how these cyberattacks could impact the travel industry that has been among the worst-hit industries during the pandemic.
Here’s what the experts had to comment:
Alexa Slinger, identity management expert at OneLogin:
“The travel industry, already hit hard by the pandemic, is now reopening to an expanding and evolving cyber threat landscape. This is the second cyberattack in the last year on Carnival Corporation and is unsurprising, as the tourism industry’s vulnerabilities continue to be exploited. The travel industry tends to rely on third-party vendors, such as booking portals and online platforms, making them an easy target for hackers seeking sensitive data. This breach serves as a reminder that all organizations must put preventative measures in place to protect themselves and their customers. Organizations can begin this process by building a comprehensive Trust & Security program that focuses on building an internal “Security First” culture, as well as the processes and technical controls used to protect the data they, or other 3rd parties, process and store. By making security a central component of the business and using a data-centric approach, organizations can protect their business against costly, possibly detrimental, breaches.”
Chris Hauk, consumer privacy champion at Pixel Privacy:
“I’m not surprised that there have been additional attacks against Carnival. The cruise line still apparently hasn’t taken efficient steps to protect itself from attacks like these. I can see the travel industry being an attractive target for the bad actors of the world. With the expected increase in vacation and business travel this coming year, all things travel will begin to look like appetizing targets for the bad actors of the world. My advice for organizations to help prevent unauthorized 3rd party access to data starts with updating all systems to ensure that the latest security patches have been applied. Always educate employees and executives as to the risk of opening links or attachments found in emails and text messages.”
Paul Bischoff, privacy advocate at Comparitech:
“At this point I would be extremely hesitant to trust the company with my personal information. As these attacks become a pattern instead of isolated incidents, I have to wonder whether Carnival is really prioritizing cybersecurity or if it’s just an afterthought. Carnival’s stock price hasn’t significantly suffered from any of its three recent data incidents. If shareholders continue to profit from the status quo, it’s unlikely the company will invest in better cybersecurity technology and talent.”
Earlier this week, Carnival announced its AIDA Cruises will sail to 20 countries and four continents on AIDAsol’s new world cruise.
Following collaboration with government officials, and evolving guidance from the U.S. Centers for Disease Control and Prevention (CDC), Princess is announcing its intent to return to service in the United States sailing from Los Angeles, San Francisco, and Ft. Lauderdale this fall.
All Princess ships offer TrulyTouchless™ experiences with more ways to support physical distancing and personalization that simplifies the guest experience and delivers next-level service supporting new health protocols.
[To share your insights, please write to us at email@example.com]