With the cruise holiday sector already facing ongoing anguish due to the effects of the Pandemic, we this week read that Carnival Corporation has taken another hit, having fallen victim to a ransomware cyberattack. This has seen personal data of both customers and staff of the cruise line operator put at potential risk.
It has been reported that the attack accessed an encrypted portion of its IT systems, although no details regarding customer numbers or brands affected have been released, while investigations by specialist cyber forensic specialists continue.
This is a separate incident from one that occurred in 2019 when the Corporation was reported to be the subject of a cyberattack, which resulted in unauthorised access to employee email accounts.
Sadly, the travel industry is an attractive target for hackers due to the volume of customers they handle and the extent of personally identifiable information (PII) they are required to take for bookings. If you consider that Carnival hosts almost 13 million passengers each year and the PII can include everything from full names, addresses and contact emails or telephone information to passport numbers and even payment data, travel companies may well be seen as a veritable gold mine for hackers.
It therefore remains a priority for firms to consider how all customer information is captured, encrypted and stored to reduce future potential risks. After all, prevention is better than a cure. We work with a wide range of organisations to create a secure way of handling credit card data when transacting over the phone or digital.
Organisations can avoid storing payment card data if descoping technologies are used. If integrated into contact centres, sensitive data will never enter the enterprise when payments are transacted over the phone, meaning the risk is substantially reduced as there is no payment data available for hackers to reach.
By using the right secure payment technologies to simplify a company’s route to PCI compliance, data security is improved. Plus, it clearly demonstrates to customers that the organisation they are dealing with has taken thorough steps to secure their data, providing the assurances consumers are looking for today.