Carnival revealed they were a target in a recent ransomware attack that gained unauthorized access to and encrypted data on certain IT systems.
In a regulatory filing submitted to the U.S. Securities and Exchange Commission (SEC), the cruise ship operator Carnival Corporation & plc experienced the ransomware attack on August 15, 2020.
Based on initial assessment of the incident, Carnival does not believe the incident would have a material impact on the company’s business, operations or financial results.
However, Carnival also stated that “we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.”
Furthermore, Carnival said they launched an investigation and notified law enforcement promptly after the company detected the security incident.
“While the investigation of the incident is ongoing, the Company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems. The Company is working with industry-leading cybersecurity firms to immediately respond to the threat, defend the Company’s information technology systems, and conduct remediation,” Carnival noted in the SEC filing.
Earlier this month, the FBI also issued an alert Flash Alert warning for Netwalker Ransomware attacks against U.S. and foreign organizations.