One of Carnival's brands detected a ransomware attack

[CineGraphic]

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

 

https://www.marketwatch.com/story/carnival-detects-ransomware-attack-2020-08-18

 

Carnival detects ransomware attack

Published: Aug. 18, 2020 at 2:39 a.m. ET

 

Carnival PLC said Tuesday it has detected a ransomware attack that it expects included unauthorized access to personal data of guests and employees.

The cruise operator said the attack encrypted a portion of one brand's information-technology systems, and also downloaded certain company data files.

The company said it identified the incident on Aug. 15, after which it launched an investigation and notified law enforcement, and engaged legal counsel and other incident-response professionals.

Carnival said it is working with cybersecurity firms to respond to the threat defend its systems, and conduct remediation.

 

Carnival said it doesn't believe the incident will have a material impact on its business, operations or financial results, based on its preliminary assessment. However, it may result in potential claims from guests, employees, shareholders, or regulatory agencies, the company said.

 

 

[Roberto256]

Already posted in this thread:

 

 

 

[bstrauss3]

Truth to be told, Carnival Corp. has NOT identified the brand. 

 

That Princess has call center and computer problems at the same time and none of the other brands have any such reports is certainly suspicious... but...

[CineGraphic]

20 minutes ago, bstrauss3 said:

Truth to be told, Carnival Corp. has NOT identified the brand. 

 

That Princess has call center and computer problems at the same time and none of the other brands have any such reports is certainly suspicious... but...

I read on the HAL forum that HAL phones were down too

[CineGraphic]

1 hour ago, Roberto256 said:

Already posted in this thread:

 

 

 

If I saw that earlier, do you think that I would post this?

What's the point?

[crimson moon]

The UK Call centres for P & O and Cunard have been down since the weekend.

[Bgwest]

3 hours ago, CineGraphic said:

If I saw that earlier, do you think that I would post this?

What's the point?

I guess his/her point would be that you familiarize yourself with existing posts in advance of covering old ground. 

[CineGraphic]

1 hour ago, Bgwest said:

I guess his/her point would be that you familiarize yourself with existing posts in advance of covering old ground. 

A little late, no?

With 170+ threads about refunds, surely there are better things to do than point out something that changes nothing. I saw no post with anything about the ransomware attack....very easy to miss it in a post about the phones being down. Sorry.

Edited August 18, 2020 by CineGraphic

[Grego]

13 hours ago, CineGraphic said:

A little late, no?

With 170+ threads about refunds, surely there are better things to do than point out something that changes nothing. I saw no post with anything about the ransomware attack....very easy to miss it in a post about the phones being down. Sorry.

Don't worry about it and you probably won't.  I didn't see a thread related to the ransomware issue either and if it was buried in a thread related to yet another "let's find another negative thing to point out until we submit another post related to not getting their refund" then I would have passed by that too.

Stay well and think #PrincessStrong!

 

[-Lew-]

20 hours ago, Roberto256 said:

Already posted in this thread:

 

19 hours ago, CineGraphic said:

If I saw that earlier, do you think that I would post this?

What's the point?

 

As Regis Philbin used to say, No good turn goes unpunished.

 

Thank you, @CineGraphic, for your post...  

[Cruise Raider]

21 hours ago, CineGraphic said:

A little late, no?

With 170+ threads about refunds, surely there are better things to do than point out something that changes nothing. I saw no post with anything about the ransomware attack....very easy to miss it in a post about the phones being down. Sorry.

 

Don't be sorry.  I'd have never thought to look in a thread for this important information in a post that was titled 'phones are down'.  I'd have just never read that thread ... it doesn't matter to me if the phones are down. 

Anyway ... I thank for posting this!!  

 

BTW, I used to work in a department in which each incident opened generated a new number.  It started with the year and then an incident number.  If we found the incident didn't need to be reported, we could delete it, but that number wouldn't be reused as they went in sequential order, which made perfect sense.  This woman I worked with would get so mad if you created and then deleted an incident.  I asked her what the problem was and, no lie, this is what she answered:  'You're using up all the numbers".  OMG ... I just about fell on the floor laughing.  They were digital!!  

Edited August 19, 2020 by Cruise Raider

[Roberto256]

On 8/18/2020 at 1:21 PM, CineGraphic said:

If I saw that earlier, do you think that I would post this?

 

Probably.

 

[pcur]

In any case we should all reset our Princess password, just to be cautious. 

 

I know the horse is out of the barn, so to speak, but I don't want the horse back in the barn!!  If the bad guys want to use my data, they can have the old stuff they stole.

Edited August 20, 2020 by pcur

[Josy1953]

On 8/18/2020 at 5:58 PM, bstrauss3 said:

Truth to be told, Carnival Corp. has NOT identified the brand. 

 

That Princess has call center and computer problems at the same time and none of the other brands have any such reports is certainly suspicious... but...

P&O cruises in UK are also experiencing call centre IT problems.

[Mike45LC]

3 hours ago, pcur said:

In any case we should all reset our Princess password, just to be cautious. 

 

I know the horse is out of the barn, so to speak, but I don't want the horse back in the barn!!  If the bad guys want to use my data, they can have the old stuff they stole.

If my credit card info is stolen, that is of concern, but what is the worst thing that can happen if some hacker gets my Princess account and password?   

[AlanF65]

1 hour ago, Mike45LC said:

If my credit card info is stolen, that is of concern, but what is the worst thing that can happen if some hacker gets my Princess account and password?   

They have your full legal name, birth date, part of the passport number mailing address, email address. So lots for hacker to use to try and take an identity.

 

login and click on your profile to see what they have access to.

 

 

But this breach was ransomware, they didn't take anything, they deployed a bot that encrypted data and charge for the decryption, most the bots are just giving you access to your data, not taking your data.

 

A-

Edited August 20, 2020 by AlanF65

[-Lew-]

1 hour ago, AlanF65 said:

They have your full legal name, birth date, part of the passport number mailing address, email address. So lots for hacker to use to try and take an identity.

 

But this breach was ransomware, they didn't take anything, they deployed a bot that encrypted data and charge for the decryption, most the bots are just giving you access to your data, not taking your data.

 

Partial passport and credit card numbers are visible; however, those numbers in full are in our files.  True, it was randomware, but I doubt Carnival really knows what data was compromised.

 

I changed our Princess and HAL Passwords and urge others to do the same for all Carnival owned cruise lines.

[Aulanis]

9 hours ago, AlanF65 said:

But this breach was ransomware, they didn't take anything, they deployed a bot that encrypted data and charge for the decryption, most the bots are just giving you access to your data, not taking your data.

 

If it is ransomware  and they have not taken the data but have  encrypted it,  assuming the ransom has not been paid how  come we can see our account details?   Doesnt seem much point in changing the password for Princess  BUT if they HAVE  stolen the password  and you have used it elsewhere perhaps that is where

you should be changing it.

 

I know nothing  so it may be a silly question.

Edited August 21, 2020 by Aulanis

[-Lew-]

2 hours ago, Aulanis said:

If it is ransomware  and they have not taken the data but have  encrypted it,  assuming the ransom has not been paid how  come we can see our account details?

 

How do we know they have not taken data...because Carnival has not admitted such?  I'll take the advisable course to change my password...it's very cheap insurance.

 

2 hours ago, Aulanis said:

Doesnt seem much point in changing the password for Princess  BUT if they HAVE  stolen the password  and you have used it elsewhere perhaps that is where you should be changing it.

 

...and why are you using the same password on different websites?

 

So, you're recommending changing the password elsewhere, but not on the Princess website?  How does that make sense?

[Aulanis]

4 hours ago, -Lew- said:

 

How do we know they have not taken data.

 

 

..and why are you using the same password on different websites?

 

 

Largely because  @AlanF65   said so.

 

.. and I dont , but thought I would mention it as a warning to others.

 

[AlanF65]

7 hours ago, Aulanis said:

 

If it is ransomware  and they have not taken the data but have  encrypted it,  assuming the ransom has not been paid how  come we can see our account details?   Doesnt seem much point in changing the password for Princess  BUT if they HAVE  stolen the password  and you have used it elsewhere perhaps that is where

you should be changing it.

 

I know nothing  so it may be a silly question.

I would guess they either paid or identified when and the source of the ransomware and were able to restore to a safe point without losing data.

We are a small business but we are setup with a variety of backups both onsite and offsite and in the cloud. The most data we will ever lose is 1/2 an hour and our service provider keeps servers on the shelf to deploy in an emergency.

 

There are times where our plant is running 24x7 and we can't lose calendar days or hours if there is an outage or interruption.

 

I would imagine despite all the customer front end issues with the portal, the back end is well backed up and maintained, its just too much money to not have a serious recovery plan in place. I would guess the infection probably came from someone working at home on their own PC over a VPN and they were able to infect the servers that route.

 

A-

 

We use a different method than VPN from non company owned and managed PCS to connect remotely because we can't control whats on our employees personal pc's.

 

My Princess password is unique and randomly generated, as is every account I have. I use roboform on all browsers including my phones and tablets I click the generate new password button and it comes up with fS@NQ_Tr!rqhgw87.

On sites that don't require email as username I also randomly generate my user name. Sites like this site I make different but identifying user name with a randomly generated password.

 

The old logic of keeping you password on a slip of paper was bad is not as valid anymore, nowadays most break-ins are over the internet so keeping a "password" file on you drive or cloud is what people want, that and phishing scams.

 

 

 

 

 

 

 

 

 

 

 

[Pierlesscruisers]

On 8/19/2020 at 12:28 PM, Cruise Raider said:

BTW, I used to work in a department in which each incident opened generated a new number.  It started with the year and then an incident number.  If we found the incident didn't need to be reported, we could delete it, but that number wouldn't be reused as they went in sequential order, which made perfect sense.  This woman I worked with would get so mad if you created and then deleted an incident.  I asked her what the problem was and, no lie, this is what she answered:  'You're using up all the numbers".  OMG ... I just about fell on the floor laughing.  They were digital!!  

 

Yep, you don't want to use up all the numbers. That means that the supply section has to put in another "Numbers Purchase Request (NPR)" and those higher numbers cost more because you have to buy more digits, you know.

 

Ah, ya gotta keep those expenses down.

Tom

[pcur]

2 hours ago, AlanF65 said:

My Princess password is unique and randomly generated, as is every account I have. I use roboform on all browsers including my phones and tablets I click the generate new password button and it comes up with fS@NQ_Tr!rqhgw87.

On sites that don't require email as username I also randomly generate my user name. Sites like this site I make different but identifying user name with a randomly generated password.

 

The old logic of keeping you password on a slip of paper was bad is not as valid anymore, nowadays most break-ins are over the internet so keeping a "password" file on you drive or cloud is what people want, that and phishing scams.

 

 

 

 

 

 

 

 

 

 

 

 

I LOVE Roboform!!  It changed my life when I had to keep track of finances and whatever for us, my MIL, my father, and some for my son.  I use it all the time.

[caribill]

On 8/18/2020 at 11:58 AM, bstrauss3 said:

Truth to be told, Carnival Corp. has NOT identified the brand. 

 

 

I received a letter Tuesday from Holland America saying there was a data breach detected August 15.

 

They were able to recover all files and says there is "a low likelihood of the data being misused" and are offering 12 months of free credit monitoring and identity theft detection services.

 

Impacted information accessed included that of guests, employees and crew and includes names, addresses, phone numbers, passport numbers and dates of birth. It does not mention credit card information or passwords being part of this.

[shellbeachjim]

8 hours ago, caribill said:

 

I received a letter Tuesday from Holland America saying there was a data breach detected August 15.

 

They were able to recover all files and says there is "a low likelihood of the data being misused" and are offering 12 months of free credit monitoring and identity theft detection services.

 

Impacted information accessed included that of guests, employees and crew and includes names, addresses, phone numbers, passport numbers and dates of birth. It does not mention credit card information or passwords being part of this.

I received a similar letter yesterday from Seabourn. I found this odd because we’ve never sailed or even booked on Seabourn.