Carnival Corporation & plc is a British-American cruise operator, currently the worlds largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands.
The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn.
In an8-K filingwith the US Securities Exchange Commission , the cruise line operators revealed that the incident took place on August 15.
On August 15, 2020, Carnival Corporation and Carnival plc detected aransomwareattack that accessed and encrypted a portion of one brands information technology systems. The unauthorized access also included the download of certain of our data files, states the 8-K form filed with the SEC.
The Carnival IT staff confirms that the ransomware operators may have stolen personal data of guests and employees, according to the filing the unauthorized access also included the download of certain of our data files.
Based on its preliminary assessment and on the information currently known , the Company does not believe the incident will have a material impact on its business, operations or financial results.
Upon the discovery of the security incident, the Company launched an investigation and notified law enforcement, it also hired legal counsel and cyber security professionals. The company also announced to have already implemented a series of containment and remediation measures to respond to the incident and reinforce the security of its information technology systems.
The flaw could allowunauthenticated network-based attackers to bypassauthentication, it has been rated as critical severity and received a CVSS 3.x base score of 10.
Original article