[Security Weekly] Carnival Cruises Disclose a Fourth Data Breach Over a Period of 15 Months

  1. Carnival cruises disclose a fourth data breach over a period of 15 months

Carnival Corporation & plc, the world’s largest travel company and operator of some of the major cruise lines, disclosed another data breach that affected Carnival Cruise Line, Holland America Line, and Princess Cruises, making it the fourth data breach the company has suffered over the past 15 months.

According to a breach notification letter sent to its customers on June 17, the company detected unauthorized access to a “limited” number of IT systems and email accounts back on March 19, which may have leaked customer and employee information collected from booking and onboard activities. The compromised data contained names, dates of birth, passport numbers, home addresses, phone numbers, social security numbers (SSN), as well as COVID-19 test results.

Carnival Corp. has suffered continuous cyberattacks since the beginning of the COVID-19 pandemic, two of them ransomware attacks. Other businesses in the travel and tourism sector, such as hotels and airlines, have also suffered similar breaches recently. The massive amounts of personal data these industries hold make them attractive targets for financially motivated hackers, so cybersecurity must be treated as a priority.

Sources: Threatpost, SC Media

 

  2. Ransomware attack at fertility clinic compromises sensitive data of 38,000 patients

Reproductive Biology Associates (RBA), a fertility clinic in Georgia, US, that offered the first IVF program in the state, disclosed a ransomware attack that led to the compromise of personal and medical data belonging to 38,000 patients.

According to the breach notification letter, RBA first discovered the attack on April 16 when a database server containing embryology data was encrypted by ransomware. Follow-up investigations suggested that the attackers first gained access to its IT network on April 7, then got into a server containing medical data on April 10. Prior to deploying ransomware, the attackers stole sensitive data including the patients’ names, home addresses, social security numbers (SSN), and medical test results.

Investigations lasted until June 7, when the clinic finally confirmed the attack. At this time, RBA said that all the encrypted data had been restored and that the attackers had destroyed the stolen data, implicitly suggesting that a ransom payment was made.

Sources: ZDNet, Infosecurity

 

  3. US grocery chain Wegmans discloses data breach due to cloud misconfigurations

Wegmans Food Markets, a US-based grocery store chain, disclosed a data breach that originated from two misconfigured cloud databases, resulting in the exposure of sensitive customer data.

Wegmans said that it was first notified of the misconfiguration on April 19 by a security researcher, who reported that two cloud databases containing internal data had been left open to the public. However, it is unclear how long the databases were exposed prior to the discovery.

The databases contained customer information such as names, dates of birth, home addresses, phone numbers, email addresses, membership IDs, and salted and hashed passwords for Wegmans’ online accounts. Wegmans assured customers that social security numbers (SSN) and payment details were not compromised.

Prior to the discovery of the misconfigured databases, Wegmans suffered a credential stuffing attack in January that affected 2,700 accounts. As such, it is highly likely that the credential stuffing was carried out using information leaked from these databases.

Sources: SC Media, Bleeping Computer
