Ransomware attack took place on August 15, 2020, and it was disclosed via an 8-K form filed with the Securities and Exchange Commission (SEC) Carnival confirmed that the unknown ransomware gang was able to gain access to personal information of both customers and employees during the attack. The discovery was made during an investigation led by a major cybersecurity firm hired by Carnival following the August 15 incident. The company said that only one of its brands was affected in the incident and that it expected that “the security event included unauthorized access to the personal data of guests and employees”””
Source: https://www.bleepingcomputer.com/news/security/largest-cruise-line-operator-carnival-confirms-ransomware-data-theft/