The unauthorized access also included the download of certain data files.
At this point, the company is not disclosing the brand that was affected.
Investigation and incident response
When the attack was detected Aug. 15, Carnival Corp. launched an investigation, notified law enforcement and engaged legal counsel and other incident response professionals.
In a filing, the company said it is working with industry-leading cybersecurity firms to immediately respond to the threat, defend IT systems and conduct remediation.
Unauthorized access to data may result in claims
Based on a preliminary assessment, Carnival Corp. does not believe the incident will have a material impact, however it expects the breach included unauthorized access to personal data of customers and employees, which may result in potential claims from customers, employees, shareholders or regulatory agencies.
Although Carnival Corp. doesn't believe that IT systems of other brands were impacted, based on its investigation to date, the company added there can be no assurance that other IT systems of other Carnival brands will not be adversely affected.