Carnival, the world’s biggest cruise line operator, suffered a ransomware attack on Saturday that exposed personal data on customers and employees, the company said in a Securities and Exchange Commission filing.
The intrusion, which hit the IT system of one of Carnival’s brands, led to a portion of the network being encrypted and some data being downloaded, the company said.
Legal or regulatory action could follow; Carnival raised the possibility of claims from “guests, employees, shareholders or regulatory agencies” because of the incident.
Carnival said it had hired “industry-leading” security firms to recover from the attack and it had notified law enforcement officials of the incident.
The cruise line giant did not identify who was responsible for the ransomware attack. In search of payouts to keep business humming, ransomware gangs have targeted companies in just about every sector.
Bleeping Computer was first to report on the incident at Carnival.