Carnival Corporation, the world’s largest cruise ship operator, has disclosed today a security breach, admitting to suffering a ransomware attack over the weekend.
In an 8-K filing with the US Securities Exchange Commission (SEC), the company said the incident took place on Saturday, August 15.
Carnival said the attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network.
The cruise line operator said it already started an investigation into the breach, notified law enforcement, and engaged with legal counsel and incident response professionals.
Based on a preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data.
Nonetheless, despite some fallout, including potential lawsuits, the company said it does not expect the incident to have a material impact on its “business, operations or financial results.”
Carnival did not disclose any details about the incident itself, such as its name of the ransomware utilized to encrypt its network, or which of its many internal networks/brand was impacted.
Today, Carnival Corp is the largest cruise line operator in the world, with more than 150,000 employees and a fleet of 600 ships, owning multiple cruise line brands such as Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard.
Earlier this year, in March, the company disclosed a separate security breach, revealing that an intruder gained access to its internal network between April and June 2019, from where they stole the personal information for some of its guests.
With thanks to the Cyber Defence Alliance and ZDNet. The full story is here: https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/#ftag=RSSbaffb68
Request A Demo: Security Awareness Training
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW