Description: In December 2020, AIDA Cruises faced a severe IT disruption attributed to a **DoppelPaymer ransomware attack**, crippling critical systems including phone and email communications. The incident forced the cancellation of **New Year’s Eve cruises**, including the *AIDAperla* voyage, leaving passengers stranded and operations paralyzed. The company publicly acknowledged the outage via website notifications, confirming that customers could not reach them through standard channels. While the full scope of data compromise remains undisclosed, the attack disrupted core business functions, leading to **financial losses from canceled bookings**, **reputational damage**, and **operational downtime**. The ransomware’s impact extended beyond IT systems, directly affecting customer trust and revenue streams during a peak holiday period. The incident underscores the vulnerability of the travel industry to cyber extortion, particularly when critical infrastructure like communication platforms is targeted.

Description: AIDA Cruises fell prey to a ransomware attack which disconnected all its ships from the internet. The cruise line informed its passengers that they had IT restrictions and because of that they had to cancel the trip. The attackers have shared ransom demand note with the AIDA or else they will leak sensititve informtion.

Description: The California Office of the Attorney General reported that Carnival Corporation & PLC experienced a data breach involving unauthorized access to employee email accounts between April 11, 2019, and July 23, 2019. The incident potentially compromised personal information including names, addresses, Social Security numbers, and financial information, affecting an unspecified number of individuals. The breach was reported on March 3, 2020.

Description: The Maine Attorney General's Office reported a data breach involving Carnival Corporation on October 16, 2020. The breach occurred on August 4, 2020, due to an external system breach (hacking), affecting approximately 37,500 individuals in total, with 8 residents specifically impacted. Notifications to potentially affected individuals began on October 13, 2020, following the discovery of the breach on September 29, 2020.

Description: The California Office of the Attorney General reported on October 18, 2021, that Carnival Corporation and plc experienced a data breach with unauthorized access to email accounts detected on March 19, 2021. The impacted personal information may include names, addresses, phone numbers, passport numbers, and health information, but the total number of individuals affected is unknown.

Description: On August 15, 2020, Carnival Corporation and plc experienced a data breach due to unauthorized third-party access to its IT systems. The incident, reported by the California Office of the Attorney General on February 4, 2021, exposed sensitive personal information of both guests and employees. Compromised data included names, addresses, passport numbers, and Social Security numbers—highly sensitive identifiers that could lead to identity theft, financial fraud, or targeted phishing attacks. The breach underscored vulnerabilities in Carnival’s cybersecurity defenses, raising concerns about the protection of customer and employee data. Given the nature of the stolen information, the incident posed significant risks of long-term reputational damage, regulatory scrutiny, and potential legal liabilities. The exposure of passport and Social Security numbers, in particular, elevated the severity, as such data is often exploited in large-scale fraud schemes or sold on dark web marketplaces. Carnival’s failure to prevent the breach highlighted systemic weaknesses in safeguarding critical personal data against sophisticated cyber threats.

Description: Carnival Corporation, the world”s largest cruise line operator suffered a ransomware attack involving unauthorized access and encryption of data. A ransomware attack that gained access to and encrypted a portion of one brand's information technology systems was discovered by Carnival Corporation and Carnival plc, the business stated. Carnival anticipates lawsuits from its visitors, employees, and shareholders alleging that the attack may have involved improper access to customer and staff personal information.

Description: In May 2019, Carnival Corp., the parent company of Princess Cruises and Holland America Cruise Line, fell victim to a targeted **ransomware attack** in Florida, USA. The incident began when hackers gained unauthorized access to an employee’s account, allowing them to monitor internal email traffic and identify high-value targets within the organization. The attackers then encrypted portions of Carnival Corp.’s IT systems, disrupting operations and potentially exposing sensitive corporate and employee data. While the full scope of the breach was not publicly detailed, the attack highlighted vulnerabilities in the company’s cybersecurity defenses, particularly around credential protection and email security. The encryption of critical systems likely caused operational disruptions, financial losses from recovery efforts, and reputational damage. The attack also raised concerns about the potential exposure of employee and customer data, though no large-scale data leak was confirmed in public reports. Carnival Corp. had to invest in incident response, system restoration, and enhanced security measures to mitigate future risks.

Description: In March 2021, Carnival Corp., a Miami-based cruise company, suffered a **ransomware attack** initiated via a phishing email. The attackers breached the IT system of one of its cruise liners, gaining unauthorized access to **personal data of both employees and customers**. While the intrusion was detected on **March 19th**, the company assessed that the **likelihood of misuse of the stolen data was low**. This incident was part of a recurring pattern, as Carnival Corp. had endured **multiple ransomware attacks over a two-year period**, highlighting persistent vulnerabilities in its cybersecurity defenses. The breach exposed sensitive information, though the full scale of the financial, reputational, or operational damage was not explicitly detailed in the report.

Description: In August 2020, Carnival Corp., a Miami-based cruise operator, fell victim to a **ransomware attack** targeting one of its brand’s IT systems. The attackers partially encrypted critical data files, exposing the company to potential legal and financial repercussions. The breach raised concerns over compromised guest, employee, and shareholder data, alongside regulatory scrutiny. This incident marked Carnival Corp.’s **second cyber-attack**, amplifying risks to its operational integrity, customer trust, and financial stability. While the full scope of data exposure (e.g., personal or financial records) was not explicitly detailed, the attack’s disruptive potential—including operational disruptions, reputational damage, and liability claims—positioned it as a high-stakes security failure with broad organizational consequences.

Description: On August 15, 2020, Carnival Cruise Line experienced a data breach reported by the California Office of the Attorney General on October 13, 2020. Unauthorized actors gained access to the personal information of guests, employees, and crew members. The compromised data included names, addresses, phone numbers, and—potentially—highly sensitive details such as Social Security numbers and health records. The exact number of affected individuals remains undisclosed, but the breach exposed both internal (employee/crew) and external (guest) data, heightening concerns over identity theft, financial fraud, and privacy violations. The incident underscores significant vulnerabilities in Carnival’s data protection measures, particularly given the broad scope of exposed personally identifiable information (PII) and protected health information (PHI). The breach’s impact extends beyond immediate financial risks, posing long-term reputational damage and regulatory scrutiny for the company.

Description: In March 2021, Carnival Corp., a Miami-based cruise operator, suffered a **ransomware attack** initiated via a phishing email. The attackers infiltrated the IT system of one of its cruise liners, gaining unauthorized access to **personal data of both employees and customers**. While the breach was detected on March 19th, the company assessed the risk of data misuse as **low**. This incident was part of a broader pattern, as Carnival Corp. had endured **multiple ransomware attacks over a two-year period**, exposing vulnerabilities in its cybersecurity defenses. The compromised data included sensitive information, though the full extent of the exploitation remains unclear. The attack disrupted internal systems and raised concerns over **customer trust and regulatory compliance**, given the scale of exposed personal records.

Description: Carnival has suffered a ransomware attack. The attack put the personal data of both customers and staff at risk. The attack discovered on 15 August, affected the IT systems of one of its brands which include Cunard, P&O, AIDA, and Princess. The cyber criminals who accessed its systems also downloaded a number of its data files, suggesting that the hackers planned a double-extortion attack.

Description: Holland America Line had a data breach which compromised employee and guest personal information. In late May 2019, a series of deceptive emails were sent to employees that resulted in unauthorized third-party access to some employee email accounts. Holland America Line was shut down to prevent further unauthorized access. The unauthorized third-party access compromsed certain email accounts containing employee and guest personal information, including names, Social Security numbers, government identification numbers, such as passport numbers, national identity card numbers, credit card, and financial account information, and health-related information.

Description: Princess Cruises had a data breach which compromised employee and guest personal information. In late May 2019, a series of deceptive emails were sent to employees that resulted in unauthorized third-party access to some employee email accounts. Princess cruises was shut down to prevent further unauthorized access. The unauthorized third-party access compromsed certain email accounts containing employee and guest personal information, including names, Social Security numbers, government identification numbers, such as passport numbers, national identity card numbers, credit card, and financial account information, and health-related information.