World's largest cruise line operator discloses ransomware attack

Carnival Corp says it suffered a ransomware attack on Saturday, August 15, and that hackers stole some of its data.

cruise ship

Image: Alonso Reyes

Executive guide

Ransomware: One of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC's infected.

Read More

Carnival Corporation, the world's largest cruise ship operator, has disclosed today a security breach, admitting to suffering a ransomware attack over the weekend.

In an 8-K filing with the US Securities Exchange Commission (SEC), the company said the incident took place on Saturday, Aug. 15.

Carnival said the attackers "accessed and encrypted a portion of one brand's information technology systems," and that the intruders also downloaded files from the company's network.

The cruise line operator said it already started an investigation into the breach, notified law enforcement, and engaged with legal counsel and incident response professionals.

Based on a preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees' personal data.

Nonetheless, despite some fallout, including potential lawsuits, the company said it does not expect the incident to have a material impact on its "business, operations or financial results."

Carnival did not disclose any details about the incident itself, such as its name of the ransomware utilized to encrypt its network, or which of its many internal networks/brand was impacted.

Today, Carnival Corp is the largest cruise line operator in the world, with more than 150,000 employees and a fleet of 600 ships, owning multiple cruise line brands such as Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard.

Earlier this year, in March, the company disclosed a separate security breach, revealing that an intruder gained access to its internal network between April and June 2019, from where they stole the personal information for some of its guests.