Carnival Corp has been hit by hackers who stole personal data on passengers and employees, according to a form filed by the cruise giant with the US Securities and Exchange Commission Monday.
The cruise line said one its brands fell victim to a ransomware attack which accessed and encrypted its IT systems on August 15.
The cyber attack comes as Carnival Cruise Line unveiled its new Mardi Gras ship Sunday, complete with on-board rollercoaster, as it aims to draw back customers to the seas following a tumultuous year.
The cruise giant has been forced to cancel all voyages through to at least October 31, as the CDC no-sail order rumbles on until September and the industry struggles to get back on its feet after the COVID-19 pandemic sent it screeching to a halt.
Devastating outbreaks struck a number of ships in the Carnival fleet, including the Princess Cruises’ Diamond Princess and Grand Princess and Holland America’s Zandaam, killing several passengers and workers on board and leaving hundreds stranded at sea when ships were unable to dock.
In the latest blow for the company, Carnival said it detected the ransomware attack ‘that accessed and encrypted a portion of one brand’s information technology systems’ on Saturday.
The cruise giant wrote in the SEC filing that the hacker also downloaded data files.
The company added that it has found no other brand’s IT systems hacked but ‘there can be no assurance that other information technology systems of the other Company’s brands will not be adversely affected.’
An investigation has been launched and law enforcement and legal teams were notified, the company said.
‘While the investigation of the incident is ongoing, the Company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems,’ read the filing.
‘The Company is working with industry-leading cybersecurity firms to immediately respond to the threat, defend the Company’s information technology systems, and conduct remediation.’
Carnival said in the filing it does not believe the incident will damage the business and its financial results but admitted that the company could now be vulnerable to claims brought against it by passengers and employees whose personal information was stolen by the hackers.
‘Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the Company does not believe the incident will have a material impact on its business, operations or financial results,’ the company wrote.
‘Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.’
It is not clear which cruise ship brand fell victim to the cyber attack or how many passengers and employees have been impacted.
A spokesperson for Carnival Corporation told DailyMail.com the company is not planning to discuss beyond the information in the filing at present because the investigation process is in the early days.
The attack took place one day before the cruise line – one of the big four lines alongside Royal Caribbean Cruises, Norwegian Cruise Line Holdings and MSC Cruises – announced it was rolling out a new ship for the 2021 season.
Carnival unveiled the design for its Mardi Gras ship Sunday, which will feature the BOLT roller coaster, six themed zones, 2,600 staterooms and restaurants from Emeril Lagasse, Guy Fieri and Shaquille O’Neal.
The ship is expected to take to the seas from Port Canaveral, Florida, in February – an optimistic move in the face of the ongoing pandemic.
The CDC has extended the no-sail order for the cruise ship industry through to the end of September, after it was first issued back on March 14.
The order led Carnival to cancel all voyages through to ‘at least’ October 31, backtracking on its original plan to get ships back to the waters from August.
In July, the company also announced it was reducing is fleet by 15 ships as it struggles to stay afloat following several months of its ships void of passengers.
‘To reduce our cash burn and have a more efficient fleet we have aggressively shed less-efficient ships,’ CEO Arnold Donald said.
The cruise industry was rocked more than most by the pandemic as all four of the world’s largest cruise lines were struck by outbreaks, as well as several smaller lines.
The lines came under fire for their slow response as they continued to send ships out to sea even after a series of outbreaks on board and repeated warnings from health experts that the high numbers of people in contained spaces on the ships made them breeding grounds for the virus.
It was early February when the doomed Diamond Princess – owned by parent company Carnival – was ordered to stay at sea off the coast of Japan for two weeks after a deadly outbreak struck passengers and crew.
In the worst cruise ship crisis to date, more than 700 people tested positive and 13 died after being on board the ship.
But despite the warning signs, companies continued to send their ships to sea for another month until more than 50 cruise lines finally announced they were suspending operations to and from US ports for 30 days on March 13.
Weeks after the Diamond Princess case, another Princess ship was struck by an outbreak, when two passengers and 19 crew members on the Grand Princess cruise ship tested positive for coronavirus in early March.
The ship docked in Oakland, California, on March 9 with 3,500 on board and people were repatriated and sent to army bases for quarantine.
At least 100 cases have been linked to the Grand Princess and at least two deaths.
The Holland America Zaandam – another Carnival-owned ship – was stuck at sea after it set sail on March 7 and people began showing symptoms of coronavirus.
The ship was turned away by several ports in Latin America and Florida.
The Zandaam and its sister ship the Rotterdam – which had met the infected ship and taken healthy patients on board – were finally allowed to dock in Florida on April by which time four people had died and more than 190 had flu-like symptoms.
Carnival Corp. is now being investigated by Congress for its handling of COVID-19 onboard its ships and hundreds of passengers have filed lawsuits against the firm.
More than five months after voyages were halted, more than 12,000 cruise ship workers are reportedly still stranded at sea in US waters, Brittany Panetta, a lieutenant commander and spokesperson for the US Coast Guard told USA TODAY.
A total of 57 liners are ‘moored, at anchor, or underway in vicinity of a U.S. port, or with potential to arrive in a U.S. port, with approximately 12,084 crew members,’ she said.