Cruise operator Carnival, the company behind brands Cunard, P&O, Aida and Princess, has become the latest high-profile business to fall victim to a ransomware attack, with both customer and staff data being exposed.
The Miami-headquartered company, which is already suffering from the effects of Covid-19 on the travel industry, said the attack was discovered on August 15 when hackers encrypted “a portion” of the IT systems of one of its brands, although it has refused to elaborate.
Last month the firm was forced to borrow another $1bn to stay afloat due to a dearth in income; it had already secured $7bn.
The move coincided with the US Centers for Disease Control & Prevention extending its no sail order for the cruise industry, banning cruises from operating out of US ports until at least September 30. Meanwhile, the UK Government’s Foreign & Commonwealth Office has advised against all cruise travel, on sea or rivers, until further notice.
Carnival said in a statement: “The company does not believe the incident will have a material impact on its business, operations or financial results. Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.
“Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”
Carnival said that it has notified law enforcement, engaged legal counsel and hired incident response professionals who are implementing containment and remediation measures.
UK organisations pay £210m in ransomware demands
National Trust among 125 hit by Blackbaud hack in UK
Crisis donors hit as fears grow over Blackbaud breach
Clients demand answers as cloud giant admits breach
UK universities are bottom of the class on data security
Pitney Bowes hit as Maze ransomware strikes again
Ransomware car crash hits digital transformation giant
Uber fined £900,000 over ‘complete disregard’ for data
Half of UK firms would pay ransom to avoid GDPR fine
TNT Express rocked as cyber attack wipes out $300m
WPP hit as new ransomware attack wreaks global havoc
UK firms ‘leaving themselves wide open to ransomware’