- Carnival confirmed that its April ransomware attack affected 5,995,277 people.
- The stolen data included names, dates of birth, genders and member details.
- ShinyHunters leaked the data after ransom negotiations failed
Carnival Corporation, the world’s largest cruise line, said it had begun notifying those affected by the April ransomware attack, putting the number of victims at just under six million.
In late April this year, the company confirmed that it had suffered an attack on its supply chain and lost sensitive data on millions of customers. As the world’s largest cruise line, Carnival operates several brands, including Holland America Line. It was this subsidiary that was hit by the infamous ShinHunters collective, which listed it on its data leak site, claiming to have recovered 8.7 million records.
Among the stolen data were names, dates of birth, genders and membership status details, as well as Have I Been Pwned? later added that around 7.5 million emails were also compromised.
Credentials stolen by phishing
Today, the company filed a new report with the Maine Attorney General’s Office, sharing a sample of the letter sent to affected individuals and reporting exactly 5,995,277 victims.
In its letter, Carnival said the attack took place on April 14, after hackers tricked an employee into sharing access to “a limited portion of the company’s computer system.” The company also said it is now offering 24 months of free membership to TransUnion’s credit monitoring services, to help mitigate any potential consequences.
ShinyHunters leaked Carnival’s data to the dark web shortly after the breach, stating that negotiations with the company had failed. “The company has not reached an agreement with us despite our incredible patience,” the group was quoted as saying. “They don’t care.”
At the same time, ShinyHunters published data on around 40 different organizations, including Mytheresa, Zara, 7-Eleven, Pitney Bowes and Carnival.
“Carnival Corporation takes the privacy and security of your information seriously,” the company emphasized in the letter. “We deeply regret this incident and any concern it may cause.”
Via The register
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
