carnival data breach

Carnival Corporation, the largest cruise ship company in the world, announced that it had experienced a data breach following a ransomware attack on their systems.

In an 8-K filing with the Securities and Exchange Commission (SEC), the company announced that it had “detected a ransomware attack that accessed and encrypted a portion of one [their] brand’s information technology systems,” adding that the hackers responsible downloaded “certain” data files.

“Promptly upon its detection of the security event, [we] launched an investigation and notified law enforcement, and engaged legal counsel and other incident response professionals,” the announcement stated. 

While the company stated that the breach would be unlikely to have a “material effect” on its business, they did anticipate potential claims from “guests, employees, shareholders, or regulatory agencies.” 

Carnival has declined to provide further details or information about the type of ransomware used to compromise their systems, the severity of the breach, or the nature of the information that was accessed, indicating that it is still “early in the investigation process.”

Read the 8-K filing here.