Carnival Corporation & Plc hit by a ransomware attack

Carnival, the world’s largest cruise operator (102 vessels and roughly 50% of the global cruise market, representing around 225,000 passengers on board every day), announced that it had been the victim of a ransomware cyberattack on August 15, 2020 (1 2). Two ships belonging to the group had already been affected by a cyberattack in May 2019.

The attack, detected by the company, resulted in unauthorized access to part of the group’s information systems, with some systems subsequently encrypted. The intrusion also led to the download of certain data files, although the company did not specify the type of information involved.

Carnival has launched an internal investigation, notified law enforcement authorities, and indicated that it intends to file a formal complaint. The company also confirmed that it engaged external cybersecurity experts to support incident response. At the same time, Carnival stated that containment and remediation measures had been implemented to address the incident and strengthen the security of its information systems. The group is working with recognized cybersecurity firms to respond to the threat, defend its systems, and conduct remediation activities.

Based on the information currently available, the company believes the attack is unlikely to have a material impact on its business operations or financial performance. However, it acknowledged that the incident may have involved unauthorized access to personal data belonging to passengers and employees, which could potentially lead to claims or regulatory actions.

Ongoing investigations should clarify whether other parts of the group’s information systems were affected.

In April 2020, it should be recalled that MSC had also been affected by a cyberattack.