Carnival Corporation announced it was the victim of a ransomware attack that may have resulted in guest and employee information being compromised.
The ransomware attack occurred on August 15 and the incident was noted in a SEC financial filing. The SEC filing didn’t say how many people’s personal information may have been accessed, and spokesman Roger Frizzell said in an email that the company wasn’t releasing any information other than what was in the securities filing.
The breach accessed and encrypted a portion of one brand’s information technology systems.
After discovering the attack, Carnival Corp. launched an investigation, notified law enforcement and engaged legal counsel and other incident response professionals.
Carnival is now working with cybersecurity firms to immediately respond to the threat, defend IT systems and conduct remediation.
Carnival did not disclose with of its brands was the victim of the attack, but they believe the attack was limited to one brand. Carnival did add that while it does not believe other brands were impacted, there is no guarantee that other IT systems of other Carnival brands have not be adversely affected.