Exploit: Ransomware
Carnival Corporation: Cruise Line
Risk to Small Business: 1.903 = Severe Carnival has released a statement noting that on August 15 attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network. preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data, but it is still investigating the incident. This is Carnival’s second breach this year after another breach was disclosed in March.
Individual Risk: 2.312 = Severe The investigation into exactly what data and what kind of data was stolen is ongoing. Carnival expects that both passenger and employee data has been impacted, but has offered no specifics. Anyone who has traveled on a Carnival cruise and staffers should be wary of phishing and identity theft attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Protection from ransomware starts with protection from phishing – including adding automated phishing protection and phishing resistance training to your security stack.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.