Carnival PLC, which owns nine of the world's largest and best-known cruise lines, has announced that it has suffered a ransomware attack that encrypted some IT systems.
In a filing [pdf] to the United States Securities and Exchanges Commission watchdog, Carnival Corporation and PLC said it suffered the attack on August 15 this year.
User and employee data was stolen by the unnamed ransomware gang, which Carnival said could open up the company to legal action.
"We expect that the security event included unauthorised access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies," Carnival added.
Carnival did not say how extensive the attack was, but has engaged cyber security consultants to contain and remediate the infection.
The leisure ship company is the owner of Princess Cruises, which operates the Ruby Princess liner that landed in Sydney in March with hundreds of COVID-19 positive passengers disembarking.
Carnival believes that IT systems of its brands like Princess weren't compromised in the ransomware attack, but added that "there can be no assurance" that they were not adversely affected.