Carnival in a regulatory filing said the attack included unauthorised access to personal data of guests and employees.
Carnival, which operates AIDA, Carnival and Princess cruises among others, in a regulatory filing said the attack included unauthorised access to personal data of guests and employees.
The company did not identify the brand that was affected and declined to provide more details, as the investigation process was at an early stage.
The attack adds to the problems of the company that has been already struggling with suspension of its cruises for months due to the COVID-19 pandemic amid travel restrictions across the world.
Certain data files were downloaded during the attack, Carnival said, and added that there was no assurance that information technology systems of its other brands will not be adversely affected.
Ransomware is a type of malicious program used by hackers to take control of files in an infected system and then demand hefty payments to recover them.
The company said it believed the incident will not have a material impact on its business, operations or financial results.