Carnival Corp. today disclosed that an Aug. 15 ransomware attack accessed the personal data of guests and employees of Carnival Cruise Line, Holland America Line and Seabourn.
However, Carnival said there is a "a low likelihood of the data being misused."
Carnival first disclosed the attack on Aug. 18. At that time, it said one brand was impacted but did not disclose which one.
Carnival said today that although the investigation is ongoing, early indications are that an unauthorized third party gained access to certain personal information relating to some guests, employees and crew with those three brands and that casino operations were also targeted.
Carnival said that once it detected the unauthorized third-party access, its Information Security "acted quickly to shut down the intrusion, restore operations and prevent further unauthorized access." Carnival also engaged a major cybersecurity firm to investigate the matter and notified law enforcement and regulators.
"Working with its cybersecurity consultants, the company took steps to recover its files and has evidence indicating a low likelihood of the data being misused," Carnival said.
Carnival said it is working as quickly as possible to identify and notify the individuals whose personal information may have been impacted and expects to complete this process within 30 to 60 days. Affected individuals will be offered complimentary credit monitoring, the company said.