The world’s largest cruise operator Carnival has revealed that it suffered a ransomware attack and security breach that could affect customer and employee data. The company disclosed the information in a US Securities Exchange Commission (SEC) 8-K filing (via ZDNet), saying that it occurred on last weekend on August 15th. “We expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims,” the form states.

Carnival added that attackers “accessed and encrypted a portion of one brand’s information technology systems,” without providing further details like the type of ransomware. The company suffered a separate breach last year which also potentially involved stolen customer data.