Carnival Corp. ransomware attack affected three cruise lines
Social Security numbers, health data and other personal information may have been stolen in the attack
Cruise firm Carnival has revealed that hackers were able to access guests' and employees' personal information from three different cruise lines, in a ransomware attack on the 15th August. The company's casino operations of were also disrupted due to the incident, the company said.
Carnival owns all three of the hacked companies: Holland America Line, Carnival Cruise Line and Seabourn.
The British-American cruise operator anticipates that Social Security numbers, health data and other personal information may have been compromised, although there is a "low likelihood" of the data being misused.
Carnival is working with external cyber security experts to recover its data. The firm's IT teams are also working to identify all guests, crew, employees and other individuals whose personal information may have been compromised in the incident. The firm expects to complete the process in the next 30 to 60 days, after which all potentially affected individuals will be notified.
The company says it will offer complimentary credit monitoring to affected individuals, as appropriate.
Meanwhile, a dedicated call centre has been set up to answer individual queries about the incident.
On the 17th August, Carnival announced that it had identified a ransomware attack targetting some of its computer systems two days earlier.
The firm said its IT security teams took immediate steps to shut down the intrusion, prevent unauthorised access and restore operations. It also notified law enforcement and the appropriate regulators, and called a cybersecurity firm to investigate the matter.
"Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand's information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results," Carnival said in August.
The firm says it is taking "all appropriate steps" to improve the security of its IT systems and to prevent a repetition of such incidents in future.