The world's largest cruise operator, Carnival Corporation, has released a statement reporting a ransomware-type cyberattack that accessed part of the IT systems of one of its brands and encrypted them. Unauthorized access also included downloading of some data files.
Based on a preliminary assessment, the company does not believe that the incident will have a material impact on its business, operations or financial results, although it acknowledges that unauthorized access to personal data of guests and employees was likely. Nor can it guarantee that other IT systems of the other brands of the business group have not been affected.
Carnival Corporation immediately launched an investigation and reported the incident to the police, and hired legal counsel and other cybersecurity incident response professionals. While the incident investigation is ongoing, the company has implemented a series of containment measures to strengthen the security of its IT systems.