Carnival Cruise Line ($CCL) recently suffered a ransomware attack that "accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files," the company disclosed in an SEC filing.
The ransomware attack investigation and mitigation efforts are ongoing, the indicated. It sounds like the company has hired external security consultants to assist the recovery, though specific MSSP (managed security service provider) names were not disclosed.The specific ransomware strain involved also was not disclosed.
Carnival does not believe the incident will have a material impact on its business, operations or financial results. But the company could face corporate compliance and regulatory fallout. The reason: Carnival expects that "the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies."
The attack comes as Carnival strives to manage costs amid the coronavirus pandemic. The cruise line industry recently extended the no-sail date to October 31.
How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.