Carnival Corporations, the largest cruise operator in the world, fell prey to a ransomware attack that accessed and encrypted a part of the brand’s IT systems, on Monday 17th Aug 2020.
The unauthorised access by unspecified ransomware was detected by one of the cruise brands belonging to the company.
While the company hasn’t specified which part of the systems had been attacked, it took to inform its passengers and customers regarding possible hacking of personal information.
Carnival Corporation has notified Law Enforcement and engaged legal counsel.
The investigation is currently at its early stages as nothing concrete has been determined yet. The company has also approached industry-leading firms to aid response to the threat and reinforce their security.
Dan Panesar, a specialist in security information has commented regarding the attack saying that the theft of personal data (and download of data files) appeared to have been a case of a ‘classic diversion ransomware attack’ suggesting that real focus of the attack had been to steal sensitive data.
The ransomware attack only adds another brick to Carnival Corporations’ burden as they continue to cope with losses owing to the current pandemic. The company had recently borrowed $1 billion in addition to the $7billion it had previously secured. It currently operates P&O Australia, P&O Cruises, Holland American Lines, AIDA and others in addition to Carnival and Princess Cruises.
A statement by Carnival Corporation said, “The company does not believe the incident will have a material impact on its business, operations or financial results…”
It also added that “although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”
The company had also been attacked last year in a case of phishing where personal information of passengers and employees like their social security numbers, credit card and passport details of those who had been on the Princess and Holland American Line cruises had been jeopardized.