Carnival Corporation is reportedly the target of a recent ransomware attack that may have compromised up to 8.7 million records, including names, dates of birth and other sensitive personal data.
The hacking group ShinyHunters has claimed responsibility for the attack, which reportedly spans some 40 companies. It has threatened to leak the data if its demands are not met.
The organisation is behind some of the largest data breaches that have surfaced in recent years. Past victims include Microsoft and multiple universities.
The threat was first detected after unauthorised online activity was found in a single user account.
The cruise line “acted quickly to shut it down and block any further unauthorised access and have notified law enforcement,” a Carnival Corporation spokesperson shared in a statement with TravelPulse.
“Data privacy and protection are extremely important to Carnival Corporation and we're working closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognising that anonymous reports circulating online are not always accurate,” according to the statement.
“If we determine personal information was affected, we will follow all disclosure requirements and communicate directly with any impacted individuals.”