Carnival Corporation is investigating a ransomware
attack identified on August 15 that accessed personal data of guests and
employees.
In announcing the attack, the company says it “accessed
and encrypted a portion of one brand’s information technology systems. The unauthorized
access also included the download of certain of our data files.”
As the investigations proceeds, Carnival says
it has taken steps to contain the situation and to reinforce its security
systems. It has also enlisted the help of cybersecurity firms.
“Based on its preliminary assessment and on
the information currently known (in particular, that the incident occurred in a
portion of a brand’s information technology systems), the company does not
believe the incident will have a material impact on its business, operations or
financial results,” Carnival says in a statement.
“Nonetheless, we expect that the security
event included unauthorized access to personal data of guests and employees,
which may result in potential claims from guests, employees, shareholders, or
regulatory agencies.”
Carnival Corporation is the largest cruise
line operator in the world, with more than 100 ships sailing under 10 brands
including Carnival Cruise Line, Princess Cruises, Holland America Line,
Seabourn and Cunard.
In March, Carnival Corporation’s Holland
America and Princess cruise lines revealed they had been subject to data
breaches that had taken place in May 2019 and accessed email accounts
containing both employee and guest personal information.
And just weeks ago, in late July, business
travel management company CWT
was hit with a ransomware attack, and according to reports, paid $4.5
million to hackers.
Marriott International, which revealed details of a breach in November 2018 and suffered a second attack earlier this year, is now facing a class action in London.