Carnival Corporation, the world’s largest cruise ship operator, has revealed a security breach involving a ransomware attack over the weekend.
The company stated that the incident took place on August 15 where the threat actors accessed and encrypted a portion of one brand’s information technology systems. They also downloaded files from the company’s network.
The cruise line operator had notified law enforcement and already started an investigation into the breach. They have also engaged with legal counsel and incident response professionals.
Carnival upon preliminary assessment of the incident, stated that the attackers might have attained access to some guest and employees’ personal data.
Despite some fallout, including potential lawsuits, the company believes that the incident will not have a material impact on its “business, operations or financial results.”
More details regarding the breach such as the name of the ransomware utilized to encrypt the network, or which of its many internal networks/brand was impacted were not revealed by the company.
Carnival Corp is the largest cruise line operator in the world having more than 150,000 employees and a fleet of 600 ships, owning multiple cruise line brands such as Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard.
The company also disclosed another security breach in March in which an intruder got access to its internal network between April and June 2019 and managed to steal personal information of some of its guests.