- Carnival has confirmed a supply chain breach affecting its Holland America Line loyalty program, with millions of customer records exposed.
- ShinyHunters claimed responsibility by leaking 8.7 million records, including personal information and millions of unique email addresses.
- Carnival acknowledges the incident and notifies authorities, but downplays its scope, describing it as a phishing compromise of a single account.
Carnival Corporation has confirmed that it suffered a supply chain attack that resulted in the loss of sensitive data belonging to millions of customers.
Carnival, the world’s largest cruise line, runs several brands that operate cruise ships and offer leisure travel options. One of its subsidiaries is Holland America Line, a premium cruise line that operates mid-sized ships and has a loyalty program called Mariner Society.
The infamous ShinyHunters collective added Holland America Line to its data leak website, claiming to have collected 8.7 million records, including names, dates of birth, genders and membership status details.
Confirmation of the breach
The hackers apparently leaked the data because Holland America Line never bothered to discuss paying a ransom:
“The company has not reached an agreement with us despite our incredible patience,” the group was quoted as saying. “They don’t care.”
Within those 8.7 million records, there were at least 7.5 million unique email addresses, Have I Been Pwned? notes.
In a statement made to Cruise Hive, Carnival said it “acted quickly” to stop the attack as soon as it was spotted and ensured the intruders stayed away, before also notifying police.
“Data privacy and protection are extremely important to Carnival Corporation and we work closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate,” a spokesperson said.
“If we determine that personal information has been affected, we will comply with all disclosure requirements and communicate directly with all affected individuals.”
The company allegedly seriously downplayed the incident, reporting to Have I Been Pwned? that the breach involved a phishing attack against a single user account.
Via The Register




