Operator says investigation in to the cyber breach is at an early stage
Carnival Corporation cruise line brand his by ransomware attack
A probe has been started into an attack on one of Carnival Corporation brand’s IT systems over the weekend.
The ransomware attack that accessed and encrypted a portion of one brand’s systems on Saturday.
The admission followed Cunard and P&O Cruises revealing an ‘IT issue’ over the weekend which forced the closure of contact centres on Monday.
The US cruise giant did not disclose which of its brands was affected or provide more details, as the investigation process is at an early stage.
The unauthorised access included the down load of certain data files, Carnival Corporation said in a statement to the US Securities and Exchange Commission (SEC).
The company said that “we expect that the security event included unauthorised access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.
“Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”
Ransomware is a type of malicious program used by hackers to take control of files in an infected system and then demand payments to recover them.
The corporation added: “Promptly upon its detection of the security event, the company launched an investigation and notified law enforcement, and engaged legal counsel and other incident response professionals.
“While the investigation of the incident is ongoing, the company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems.
“The company is working with industry-leading cybersecurity firms to immediately respond to the threat, defend the company’s information technology systems, and conduct remediation.
“Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the company does not believe the incident will have a material impact on its business, operations or financial results.”
The IT attack comes as the group’s cruises remain suspended for months due to the Covid-19 pandemic and global travel restrictions.
A Carnival Corporation spokesperson said: “We are not discussing beyond the information in the 8K [SEC filing] at this point since it is early in the investigation process.”