Princess Cruises confirm data breach, ten months after identifying it

Princess Cruises confirm data breach, ten months after identifying it

Princess Cruises

Princess Cruises, the cruise line owned by Carnival Corporation & plc. that stopped their global operations after the outbreak of coronavirus in two of their ships, have now confirmed they suffered a major security breach that spanned three months last year.

In the notice of a potential data breach published on their website, Princess Cruises have confirmed that in May 2019 they identified suspicious activity in their network. The incident involved unauthorised access to multiple employee email accounts in the period of 11 April – 23 July 2019. Some of the emails contained personal information of guests, crew, and employees.

Princess Cruises said that the data security incident potentially compromised the name, address, Social Security Number, passport number, driver's license number, credit card, and financial account information, and health-related information. This data leak was not specific to each guest and the company does not have any evidence of misuse of this personal information so far.

Princess Cruises have confirmed that apart from their ongoing investigation, they have also reported this incident to the law enforcement. Furthermore, they are reviewing their security policies and implementing changes to enhance their security program. The security incident also impacted employees working for Holland America Lina, another travel company owned by Carnival Corporation.

Jonathan Knudsen, senior security strategist at Synopsys, told TEISS that news of the data breach at Princess Cruises makes one thing perfectly clear: all businesses are software businesses. Regardless of specifics, software is part of the underlying critical infrastructure that supports every business.

"Businesses of all types are realising that software is critical infrastructure. When software fails, the consequences can be severe, ranging from inconvenience and expense all the way up to reputation damage and loss of business continuity.

"A proactive, security-forward culture is the best way to minimise risk. This means thinking about security in all initiatives, large and small. Ongoing security education is important, but it is just as important to incorporate security into the design of network infrastructure, internal software systems, and business processes, not to mention making security a first-class citizen when procuring software and systems," he added.

ALSO READ: Cathay Pacific fined £500,000 by ICO for 2018 data breach

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles