The largest cruise ship operator, Carnival Corporation & plc confirms data breach where the personal data of customers and employees were stolen.
Carnival Corporation is involved in both the S&P 500 and the FTSE 100 indices. Carnival employs a workforce of over 150,000 people from nearly 150 countries and hosts almost 13 million guests annually.
The company governs nine cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Holland American Line, Princess Cruises, AIDA, Seabourn, Cunard,). Also, it operates Holland America Princess Alaska Tours, the leading company in Canadian Yukon and Alaska.
In an 8-K form filed with the US Securities Exchange Commission (SEC), the cruise line operators disclosed that the incident was detected on August 15, 2020. During the attack, a portion of one brand’s information technology systems was encrypted, and the unauthorised access also comprised the download of certain data files.
“Nonetheless, we expect that the security event included unauthorised access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies, ” states the 8-K form filed with the SEC.
According to the company, only one of its cruise line brands was affected by the security breach.
The company launched a cybersecurity firm to investigate the matter and notified law enforcement and regulators of the incident. The company also confirmed to have already executed a series of containment and remediation standards to respond to the attack and reinforce the security of its information technology systems.
“While at this time we do not believe that this information will be misused going forward or that this incident will have a material adverse effect on our business, operations, or financial results, no assurances can be given, and further, we may be subject to future attacks or incidents that could have such a material adverse effect, ” reported the company.
In a 10-Q form filed with the SEC Carnival announced that the unknown ransomware gang was able to gain entry to personal data of both employees and customers during the attack.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?