Cruise giant Carnival Corporation & plc (NYSE/LSE: CCL; NYSE: CUK) today released an update on the August 15 cyberattack on parts of its IT systems.
“Information Security at Carnival Corporation acted quickly to shut down the intrusion, restore operations and prevent further unauthorized access,” says the company, adding that it also engaged a major cybersecurity firm to investigate the matter and notified law enforcement and appropriate regulators of the event.
Carnival says that, while investigation is ongoing, early indications are that in early August the unauthorized third party gained access to certain personal information relating to some guests, employees and crew for three of the corporation’s brands—Carnival Cruise Line, Holland America Line and Seabourn—as well as casino operations. Working with its cybersecurity consultants, the company took steps to recover its files and now says it has evidence indicating a low likelihood of the data being misused.
Carnival says it is working as quickly as possible to identify the guests, employees, crew and other individuals whose personal information may have been impacted. The company expects to complete this process within the next 30 to 60 days and will then send notifications to potentially affected individuals whose current contact information is available to the company. Along with those individual notices, affected individuals will be offered complimentary credit monitoring, as appropriate.