Carnival Corp. Brand Hit By Ransomware Attack

Carnival Corp. detected a ransomware attack on Aug. 15 that may have accessed guest and employee personal data, the company revealed in an SEC filing.

The attack accessed and encrypted a portion of one brand’s information technology systems, but the filing did not reveal which brand. The unauthorized access also included the download of certain data files.

Carnival Corp. and plc brands are Carnival Cruise Line, Princess Cruises, Holland America Line, Cunard, Seabourn, Costa, AIDA, P&O Cruises and P&O Australia.

Based on its preliminary assessment and information currently known, the company does not believe the incident will have an impact on its financial results.

“Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies,” Carnival said in the filing.

Carnival said it immediately launched an investigation, notified law enforcement and engaged legal counsel and other incident response professionals. The company also implemented containment and remediation measures.

The company is working with cybersecurity firms to immediately respond to the threat, defend the company’s information technology systems and conduct remediation.

The company also said it believes that no other brands under the Carnival Corp. and plc umbrella were impacted, but added: “there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”