The world's largest cruise operator, Carnival Corp, has suffered a ransomware attack resulting in the loss of customer data.
Carnival operates multiple different cruise companies, including AIDA and Princes. It is unclear which of these entities was attacked; the investigation is ongoing, but still in its infancy.
Although Carnival has remained largely quiet on the issue, the firm issued a brief statement on its website, explaining “certain data files” were downloaded as part of the attack and “a portion” of its IT systems were encrypted.
Usually, ransomware operators download sensitive data to use as leverage, to pressure the company into paying the ransom fee. If a business refuses to pay the ransom, the cybercriminals threaten to release the data online.
It is unclear how much Carnival is being asked to pay and whether or not the company will negotiate with the hackers. Carnival believes the attack will not leave a mark on its financial results.