Carnival, world's largest cruise line operator, falls victim to cyberattack

In a recent filing with the Securities and Exchange Commission, Carnival revealed that a brand it owns and operates has fallen victim to a ransomware attack.

"On August 15, 2020, Carnival Corporation and Carnival plc detected a ransomware attack that accessed and encrypted a portion of one brand's information technology systems," the company said, without revealing the name of the affected unit.

Carnival added in the filing that the hackers used the ransomware to gain unauthorized access to the personal information of its guests and employees.

Some of the data, the company emphasized, was also downloaded from their end and may lead to potential claims from customers, employees, shareholders, and regulatory agencies.

It did not specify what kind of data was stolen.

Carnival claims it is working with law enforcement as well as leading cybersecurity agencies to investigate the attack and secure/strengthen its systems, and that it doesn't expect that the incident would affect its business or operations.

However, plenty of questions still remain unanswered, including the type of ransomware used for the attack, what were the hacker's demands, and how much data was stolen.

Carnival noted in the filing that it believes its other brands were not hit by the attack but cannot give any assurances as the investigation is still in progress.

To note, the cruise operator, although currently struggling due to COVID-19 travel restrictions, boasts over 150,000 employees and 13 million annual guests under brands like Carnival, Costa, P&O, Princess, Holland America, AIDA, Cunard, and Seabourn.