P2020-ND-105

Carnival Cruise Line a division of Carnival Corporation

The Organization engaged a vendor for certain web development, support and related services including the design and configuration of a job portal hosted on Amazon Web Services cloud computing infrastructure (AWS). On October 29, 2019, the vendor advised the Organization that an intruder had deleted two databases from the portal. The vendor determined that a legacy module not used but available in the codebase was the cause of the incident. The Organization does not have evidence of unauthorized access or use of the information in the databases. However, this cannot be ruled out. Further, the attacker demanded a ransom.

File Type: pdf
Categories: 2020
Tags: Unauthorized access