Carnival Corporation, the world’s largest cruise ship operator, has disclosed today a security breach, admitting to suffering a ransomware attack over the weekend.
In an 8-K filing with the US Securities Exchange Commission (SEC), the company said the incident took place on Saturday, August 15.
Carnival said the attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network.
The cruise line operator said it already started an investigation into the breach, notified law enforcement, and engaged with legal counsel and incident response professionals.
Based on a preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data.
Nonetheless, despite some fallout, including potential lawsuits, the company said it does not expect the incident to have a material impact on its “business, operations or financial results.”
Carnival did not disclose any details about the incident itself, such as its name of the ransomware utilized to encrypt its network, or which of its many internal networks/brand was impacted.
Today, Carnival Corp is the largest cruise line operator in the world, with more than 150,000 employees and a fleet of 600 ships, owning multiple cruise line brands such as Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard.
Earlier this year, in March, the company disclosed a separate security breach, revealing that an intruder gained access to its internal network between April and June 2019, from where they stole the personal information for some of its guests.