Carnival Cruises, one of the world’s largest cruise ship operators, has confirmed that it suffered another data breach in mid-March of this year.
The company ‘detected unauthorized third-party access to limited portions of its information technology systems’ on 19th March, making this incident the fourth data breach Carnival has suffered in the last 18 months, following attacks in March, August, and December of 2020.
Hackers accessed personal and health information of guests, employees, and crew members of those on Carnival Cruise Line, Holland America Line, and Princess Cruises. It is unclear how many customers or employees were impacted by the breach.
In a data breach notification letter sent to customers, Carnival Cruises stated: “The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the company, including COVID or other safety testing.”
“That information may include names, addresses, phone numbers, passport numbers, dates of birth, health information and in some limited instances additional personal information such as Social Security or national identification numbers.”
Carnival stated that there was a “low likelihood” of the breached data being misused, and has offered those affected free credit check monitoring and identity theft detection for 18 months. The company has also advised recipients to review their account statements and credit history, and to be alert for any possible follow-up phishing attacks using their information.