Carnival Corporation update on ransomware attack that accessed and encrypted information technology systems

   October 15, 2020 ,   Accidents

As it was earlier announced, Carnival Corporation & plc detected unauthorized third-party access to portions of its information technology systems on August 15, 2020.

Information Security at the company acted quickly in order to shut down the intrusion, as well as restore operations and prevent further unauthorized access. Carnival Corporation also notified law enforcement and appropriate regulators and engaged a major cybersecurity firm to investigate the matter.

While the investigation is ongoing, early indications show that in early August 2020 the unauthorized third party had gained access to certain personal information relating to some passengers, employees, and crew members for 3 of the Corporation’s brands - Holland America Line, Seabourn, and Carnival Cruise Line, as well as casino operations. Working with the cybersecurity consultants, the company had taken steps to recover its files and had evidence indicating "a low likelihood of the data being misused."

Carnival Corporation update on ransomware attack that accessed and encrypted information technology systems

Carnival Corporation & plc announced it was working as quickly as possible to identify the passengers, employees, crew members, and other individuals whose personal information might have been impacted. It expects to complete the process within the next 30-60 days and will then send notifications to all potentially affected individuals whose contact information is available to Carnival. Along with the individual notices, affected persons will be offered complimentary credit monitoring.

Meanwhile, Carnival has posted website notices and established a call center to answer questions regarding the accident. When the investigation is complete, all callers may confirm whether or not their information had been affected.

Your personal data will be processed and information from your device (cookies, unique identifiers, and other device data) may be stored by, accessed by and shared with third party vendors, or used specifically by this site or app. Some vendors may process your personal data on the basis of legitimate interest, which you can object to by managing your options below. Look for a link at the bottom of this page or in our privacy policy where you can withdraw consent.