Carnival Corporation detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems
Carnival Corporation & plc announce that its joint current report on Form 8-K was filed with the U.S. Securities and Exchange Commission on August 17, 2020 disclosing the following matter.
“On August 15, 2020, Carnival Corporation and Carnival plc detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files. ”
“Promptly upon its detection of the security event, the Company launched an investigation and notified law enforcement, and engaged legal counsel and other incident response professionals. While the investigation of the incident is ongoing, the Company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems. The Company is working with industry-leading cybersecurity firms to immediately respond to the threat, defend the Company’s information technology systems, and conduct remediation.”
“Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results. Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies. Although we believe that no other information technology systems of the other Company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other Company’s brands will not be adversely affected.”