The largest cruise line operator in the world has been hit by a ransomware attack, with customer data also believed to have been accessed.
Carnival Corporation, which operates more than 100 vessels across 10 different brands that include Carnival Cruise Line, Princess Cruises, and Costa Cruises, notified the U.S. Securities and Exchange Commission (SEC) this week after detecting the attack on August 15.
In its report to the SEC, Florida-based Carnival said that its investigation so far shows that the perpetrators accessed and encrypted some of its computer data, and also downloaded a number of data files. It added that it’s likely the security incident also saw “unauthorized access to personal data of guests and employees.”
The company said it believes the attack targeted only one of its brands, but added that at this stage it could offer no assurance that the computer systems of its other brands were not affected.
Digital Trends has reached out to the company to ask which brand suffered the attack, how many customers may have been impacted, what personal data may have been taken, and for details of the ransomware demand. We will update this piece when we hear back.
Carnival told the SEC that when it spotted the attack, it immediately notified law enforcement, and called upon the services of cybersecurity firms to bolster the security of its computer systems and help it in its investigation.
A ransomware attack uses malicious software to lock a computer system by encrypting files. Once locked, hackers demand payment from the owner of the system in return for a decryption key to regain access to the data.
Such incidents can cause huge disruption for victims — whether individuals or companies — with some feeling they have little choice but to pay the hackers. Retail currency dealer Travelex for example, reportedly paid $2.3 million to regain access to its systems following a ransomware attack at the start of this year, while GPS and fitness-tracker firm Garmin, which suffered a damaging attack last month, may have paid a substantial sum to get its systems up and running again.
To avoid falling victim to a ransomware attack, you should make sure your computer’s security software is fully up to date. You’re also advised to avoid clicking on unverified links in emails that could deliver the malware to your system or your company’s servers. Downloading files from sites you know little about is best avoided, too, and steering clear of unfamiliar USB sticks is also recommended.
If a company does fall victim to a ransomware attack, those with robust back-up procedures are usually best placed to deal with it as they can reset their systems using safely stored data.