Floating COVID incubation tank becomes data-leaking ransomware rustbucket: Carnival admits crims made off with personal data booty

Floating COVID incubation tank becomes data-leaking ransomware rustbucket: Carnival admits crims made off with personal data booty

2020-08-19 09:28

Now the industry's biggest player, Carnival Corporation, has also come down with a case of ransomware.

The company on Tuesday issued a regulatory filing [PDF] in which it admitted: "On August 15, 2020, Carnival Corporation and Carnival plc... detected a ransomware attack that accessed and encrypted a portion of one brand's information technology systems. The unauthorized access also included the download of certain of our data files."

The filing also reveals that the company expects "That the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies".

The filing also said Carnival can't be completely sure that the incident did not hit more than one of its brands.

Perhaps ironically, the filing includes a section titled "Cautionary Note Concerning Factors That May Affect Future Results", which includes the boilerplate observation: "Breaches in data security and lapses in data privacy as well as disruptions and other damages to our principal offices, information technology operations and system networks... may adversely impact our business operations, the satisfaction of our guests and crew and lead to reputational damage."

News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/19/carnival_plc_ransomware/

#personaldata #ransomware