Carnival, which is the world’s largest cruise company, admitted in a regulatory filing that it had fallen victim to a ransomware attack on 15 August.

The attack accessed and encrypted a portion of one brand’s information technology systems, and included the download of some of the company’s data files.

Carnival said in a statement: “Promptly upon its detection of the security event, the company launched an investigation and notified law enforcement, and engaged legal counsel and other incident response professionals.

“While the investigation of the incident is ongoing, the company has implemented a series of containment and remediation measures to address this situation and reinforce the security of its information technology systems.

“The company is working with industry-leading cybersecurity firms to immediately respond to the threat, defend the company’s information technology systems, and conduct remediation.”

Carnival said it didn’t believe that the incident would have a material impact on its business, operations or financial results.

But it admitted that the hack had involved “unauthorised access to personal data of guests and employees”.

Kate Bevan, Which? Computing editor, said: “Carnival customers will be alarmed that their data could have fallen into the hands of hackers who might try to exploit it, so it is vital that the company is now transparent and upfront with potential victims and supports them in taking measures to protect themselves

“For anyone concerned they could be affected, it’s important to change any passwords you think might have been compromised – and keep a careful eye on bank accounts and credit reports. Also, be wary of emails or fake ‘customer support’ popping up on social media regarding the breach, as scammers may try to take advantage of it.”