Cruise ship operator Carnival crippled by ransomware

Carnival has suffered a ransomware attack, putting the personal data of both customers and staff at risk.

The Florida-based cruise operator says that the incident, which was discovered on 15 August, affected the IT systems of one of its brands – which include Cunard, P&O, AIDA and Princess – although it hasn’t specified which one.

In a statement, the organisation says that it “does not believe the incident will have a material impact on its business, operations or financial results”.

This is a confident answer given the problems that organisations so often face following ransomware attacks. Just last week, Travelex collapsed into administration as it failed to bounce back from an attack on New Year’s Eve.

And as with Travelex, Carnival’s problems are likely going to be compounded by the coronavirus pandemic.

The organisation has already seen its share price drop by 64% since March, and last month it was forced to borrow another $1 billion (£760 million) in addition to the $7 billion that it had previously secured.

To make matters worse, Carnival has said that the cyber criminals who accessed its systems also downloaded a number of its data files, suggesting that the hackers may be planning a double-extortion attack.


Fortunately, despite Carnival’s certainty surrounding the security of its systems, it does acknowledge threats such as this and is responding with caution.

“Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected,” the organisation said.

It added that it has notified law enforcement, contacted lawyers and hired incident response professionals to help manage the incident.

The Weekly Round-up: subscribe now

No Responses