The world’s largest cruise operator, Carnival Corporation, reported a cyber-attack that led to the theft of some of the company’s customers' data.
It was reported that on August 15 of this year, Carnival Corp recorded an attack using extortion software, in which attackers encrypted part of one of the company’s information systems and uploaded internal files.
A preliminary analysis of the incident indicated that the attackers could have obtained personal information from the customers and employees of the operator. Despite a possible leak, the company believes that the attack will not harm business and financial results. Carnival Corp has yet to divulge the details of the incident. It is not clear at this time which extortion software is involved or which internal networks were affected by the attack.
According to Bad Packets, the attackers could penetrate the network using the CVE-2019-19781 Citrix servers used by the operator.
This is the second data leak that the company has encountered recently. In March, Carnival Corp reported that between April and June 2019, unknown individuals had infiltrated its networks and stolen customer information.