International cruise company Carnival Cruise Lines has admitted that hackers gained access to several employee emails on two of its cruise liners, prompting a lengthy investigation.
The emails resulted in unauthorised third-party access to the accounts, leaving them open to further problems. The company says it acted quickly to shut down the attacks.
In a comment to PR Newswire, the company said: “In late May 2019, Princess Cruises identified a series of deceptive emails sent to employees resulting in unauthorised third-party access to some employee email accounts.
“The company acted quickly to shut down the attack and prevent further unauthorised access. It also retained a major cybersecurity firm to investigate the matter while reinforcing security and privacy protocols to further protect systems and information.
The hacker gained access to a important personal, including names, email addresses and health information of guests on the ships.
The statement continued: “The investigation revealed unauthorised third-party access to certain email accounts containing employee and guest personal information, including names, Social Security numbers, government identification numbers, such as passport numbers, national identity card numbers, credit card and financial account information, and health-related information.
“The company notified law enforcement of the incident and are notifying affected individuals where possible.
“Data privacy and protection are extremely important to Princess Cruises and the company regrets this incident. As part of its ongoing operations, the company is reviewing security & privacy policies and procedures and implementing changes when needed to enhance information security”.
- Tesco Issues New Clubcards After Customer Account Security Concerns
- NCSC Warns Hackers Could Use Baby Monitors to Spy on Victims
- Decoy Website Used to Fool Hackers into Sharing Tactics
This latest attack is one in a series of recent security breaches for businesses. Retail giant Tesco recently had to issue new Clubcards to 600,000 of its customers after a security concern on its systems, while the National Cyber Security Centre (NCSC) has warned parents that lack of cybersecurity could give hackers access to baby monitors to potentially spy on victims.
To try and combat these cybersecurity threats, researchers at the University of Texas have been developing a cybersecurity defence approach that fools hackers into using a decoy website to reveal their hacking secrets.
In the case of Carnival Cruise Lines, the only action taken by the hackers was sending deceptive emails to employees, and the other data gained does not appear to be misused. The company says that it is providing “identity protection services free of charge” to give customers affected peace of mind.