Personal data belonging to guests, employees and crew of three Carnival Corporation brands were compromised in an August cyber attack on the group’s IT systems, the group has confirmed.
The 15 August attack, described then by the group as a "ransomware" event, was disclosed by Carnival Corp two days later, although it declined then to state which brands were affected.
Carnival Corp said the attackers were able to "access and encrypt" a portion of one of its brands’ information systems, adding data files were also downloaded by those responsible.
It subsequently referred itself to the Information Commissioner’s Office (ICO) in the UK, which has powers to fine firms up to 4% of their annual turnover for serious data breaches or cybersecurity incidents.
In an update issued on Tuesday (13 October), the group revealed the attack compromised personal data belonging to guests, employees and crew of Carnival Cruise Line, Holland America Line and Seabourn.
Its casino operations were also compromised, Carnival Corp confirmed.