Carnival hit by ransomware attack

The world’s largest cruise shipping company Carnival Corporation has fallen victim to a ransomware attack on August 15, the company said in a regulatory filing.

Image courtesy: Carnival

The attack accessed and encrypted a portion of one brand’s information technology systems, and included the download of certain of the company’s data files.

Having detected the unauthorized breach, the cruise giant launched an investigation into the attack, notified law enforcement, and engaged legal counsel and other incident response professionals.

Carnival said it had teamed up with industry-leading cybersecurity firms to respond to the threat, defend its information technology systems, and conduct remediation.

“Based on its preliminary assessment and on the information currently known (in particular, that the incident occurred in a portion of a brand’s information technology systems), the company does not believe the incident will have a material impact on its business, operations or financial results,” the company added.

“Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.”

The cruise liner giant doesn’t believe any other information technology systems of the other company’s brands had been impacted by this incident. However, it could not rule out a potentially adverse impact on other information technology systems on the other company’s brands.

The ransomware attack is being revealed on the back of the company’s pricing of $900 million second-priority senior secured notes due in 2027.

The company plans to use the net proceeds from the offering for general corporate purposes as it battles to cover for losses caused by the suspension of cruising due to COVID-19 impact.

” If we are unable to re-commence normal operations in the near-term, we may be out of compliance with a maintenance covenant in certain of our debt facilities as of May 31, 2021,” the company explained.

Carnival’s Costa Cruises brand intends to resume operations in September for Italian guests and calling at Italian ports only.

The departure dates for Costa Deliziosa and Costa Diadema are yet to be confirmed. All other cruises are paused until the end of September.

P&O Cruises has extended the pause until mid-November, while Holland America Line extended the pause to all departures through December 15, 2020.

There has been a massive 400% increase in attempted hacks since February 2020 coinciding with a period when the maritime industry turned to greater use of technology and working from home due to the Coronavirus pandemic, data from Israeli cybersecurity specialist Naval Dome shows.

Naval Dome ascribed the spike in malware, ransomware, and phishing emails to the Covid-19 crisis, adding that travel restrictions, social distancing measures, and economic recession are beginning to bite into a company’s ability to sufficiently protect itself.