Carnival Corporation Suffering From Ransomware Attack

Carnival Corporation has suffered a security breach over the weekend, admitting its systems were compromised by a ransomware attack.

In an 8-K filing with the US Securities Exchange Commission (SEC), the company said the incident took place on Saturday, 15 August 2020.

The attack appears to have affected Carnival UK operations with both P&O Cruises & Cunard reporting their call centres will remain closed for another day due to internal IT issues.

Carnival said the attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network.

In the document, the company stated: “On August 15, 2020, Carnival Corporation and Carnival plc (together, the “Company,” “we,” “us,” or “our”) detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.

“Promptly upon its detection of the security event, the Company launched an investigation and notified law enforcement, and engaged legal counsel and other incident response professionals. While the investigation of the incident is ongoing, the Company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems.

“Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results. Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees.”

Earlier this year, in March, the company disclosed a separate IT breach, involving Holland America Line and Princess Cruises. A hacker gained access to its internal network between April and June 2019, stealing personal information for some of its guests.