By now, you likely have heard the shocking news that Carnival Corporation experienced a data breach potentially impacting millions of people. How, exactly, did the information get leaked and what can be done to prevent yourself from being further victimized by the hackers?
What Carnival Is Saying
It’s important to note that the incident in question involves Carnival Corporation, meaning it stretches far beyond Carnival Cruise Line customers. While Carnival Cruise Line may be the best known of the impacted entities, the breach also impacts such subsidiary lines as Princess Cruises, Holland America Line, Cunard and more.
According to a letter being sent to those impacted, Carnival’s IT team first identified a potential issue involving an employee’s account being accessed by an “unauthorized actor” back on April 14. And while soon after, rumors began circulating, it was not until May 27 that Carnival began informing people via a letter.
“We have determined that your full name, address, email address, phone number and passport number were obtained” by the hackers, reveals the letter.
How Experts Say This Happened
ShinyHunters, the group which has claimed responsibility for the hack, is well known for having pulled off similar data breaches in the past. Ismael Valenzuela, the Vice President of Labs Threat Research and Intelligence at cybersecurity group Arctic Wolf, says that ShinyHunters “has been wreaking havoc across major brands, and the Carnival data breach shows just how effective their tactics have become.”
So what exactly is their preferred method? “By compromising a single employee account, the group gained access to internal systems and extracted large volumes of customer data,” explains Valenzuela.
He adds that the group’s playbook “hasn’t changed because it continues to work. They gain a foothold through identity-based attacks, move quickly to [remove] data at scale, and then use it for leverage under a pay-or-leak model.”
What You Should Do… Immediately!
“Anyone potentially impacted should assume elevated exposure,” says Valenzuela. As for what actions they should take, he suggests it’s best to “reset passwords, tokens and API keys that could have been exposed, enable phishing-resistant multi-factor authentification and closely monitor for suspicious or unauthorized account activity.”
To that end, those whom Carnival is reaching out to with word that their information was potentially breached are being offered “a complimentary 24-month membership to TransUnion’s credit monitoring.”
To do so, consumers must head to the TransUnion website armed with an activation code provided by Carnival Corporation. Codes can only be activated by August 31, after which they will no longer work.
It’s crucial that those potentially impacted monitor their email inboxes for an email from Carnival Corporation. These emails contain information about the breach, but may unintentionally wind up being directed to one’s spam email box.
Read Next: Carnival Reveals “Cut Off” Notice Scam
