- Carnival confirmed that its April ransomware attack affected 5,995,277 people
- The stolen data included names, dates of birth, genders and membership details.
- ShinyHunters leaked data after failed ransom talks
Carnival Corporation, the world’s largest cruise company, said it began notifying people affected by the April ransomware attack, putting the number of victims at just under six million.
At the end of April this year, the company confirmed that it had suffered a supply chain attack and lost confidential data of millions of customers. As the world’s largest cruise company, Carnival operates multiple brands, including Holland America Line. It was this subsidiary that was attacked by the infamous ShinHunters collective, who listed it on their data breach site, claiming to have taken 8.7 million records.
Among the stolen data were names, dates of birth, genders and membership status details, and Have I Been Deceived? It later added that around 7.5 million emails were also compromised.
Credentials stolen through phishing
Now, the company filed a new report with the Maine Attorney General’s Office, sharing a sample of the letter sent to affected people and reporting exactly 5,995,277 victims.
In the letter, Carnival said the attack took place on April 14, after hackers socially engineered an employee into sharing access to “a limited portion of the company’s IT system.” The company also said it is now offering 24 months of free membership with TransUnion credit monitoring services, to help mitigate any potential consequences.
ShinyHunters leaked Carnival data on the dark web shortly after the breach, claiming that negotiations with the company failed. “The company was unable to reach an agreement with us despite our incredible patience,” the group reportedly said. “They don’t care.”
Suddenly, ShinyHunters published data on around 40 different organizations, including Mytheresa, Zara, 7-Eleven, Pitney Bowes, and Carnival.
“Carnival Corporation takes the privacy and security of your information seriously,” the company emphasizes in the letter. “We deeply regret this incident and any concern it may cause.”
Through The Registry
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
