Hackers access guests’ data in attack on cruise operator behind Cunard and P&O
The cruise giant behind Cunard and P&O Ferries has warned that hackers may have accessed personal details of its customers and staff after discovering an attack over the weekend.
Carnival said it had told regulators about the ransomware attack, which got into encrypted parts of its IT systems.
The Anglo-American company, which is one of the world’s largest cruise operators, said that it was still investigating the attack.
It added that hackers were able to download “certain of our data files”.
The hack hit only one part of one of Carnival’s brands, it said.
But the company declined to say what brand was affected and how many customers or staff have been impacted.
“We expect that the security event included unauthorised access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders or regulatory agencies,” it said.
It added: “Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the company does not believe the incident will have a material impact on its business, operations or financial results. ”
The company has already hired lawyers and is working with “industry-leading cybersecurity firms” to respond to the threat, defend Carnival’s IT systems and start remediation.
The attack was discovered on Saturday, Carnival said.
It comes at a difficult time for the cruise giant which has been severely impacted by the Covid-19 pandemic.
Its many ships have been forced to stay in port for months as international travel is restricted and passengers are wary about getting back onto the seas.
Carnival added: “Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”