World's biggest cruise line company hit by ransomware attack

The Carnival Cruise breach included "unauthorized access to personal data of guests."

Lyle Ratliff / reuters

The world’s largest cruise operator Carnival has revealed that it suffered a ransomware attack and security breach that could affect customer and employee data. The company disclosed the information in a US Securities Exchange Commission (SEC) 8-K filing (via ZDNet), saying that it occurred on last weekend on August 15th. “We expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims,” the form states.

Carnival added that attackers “accessed and encrypted a portion of one brand’s information technology systems,” without providing further details like the type of ransomware. The company suffered a separate breach last year which also potentially involved stolen customer data.

The massive cruise company owns a fleet of 100 or so ships with 120,000 employees and brands including Princess Cruises, Holland America, Costa Cruises and others. The security breach comes on top of the COVID-19 crisis that has essentially put a complete stop to all of its operations. However, Carnival said that it doesn’t expect the attack to have a material effect on its “business, operations or financial results.”

Update 8/20/2020 9:50 AM ET: The post originally stated that Carnival has 600 ships and 150,000 employees, but those numbers weren’t correct. The post has been updated with correct information. Thanks, Stewart!