One of the world’s largest cruise ship operators has disclosed a data breach from mid-March, impacting an unspecified number of customers, employees, and crew.
Carnival Corporation runs many of the globe’s leading cruise lines, including P&O, Cunard and Carnival Cruise Line.
According to a data breach notification letter sent to customers and seen by Infosecurity, the firm detected unauthorized third-party access to a “limited number” of email accounts on March 19.
“The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the company, including COVID or other safety testing,” it continued.
“That information may include names, addresses, phone numbers, passport numbers, dates of birth, health information and in some limited instances additional personal information such as Social Security or national identification numbers.”
According to reports, the incident affected customers and employees on Carnival Cruise Line, Holland America Line and Princess Cruises.
Although Carnival claimed in the letter that there was a “low likelihood” of the data being misused, it urged recipients to review their account statements and credit history and be on guard for possible follow-on phishing attempts using the information.
The firm also offered those affected free credit monitoring and identity theft detection for 18 months.
This isn’t the first time Carnival has suffered a security breach.
In March 2020, it revealed that the personal information of passengers and crew was obtained by a third party the previous May, impacting its Princess Cruises and Holland America Line brands.
Then in August 2020, it revealed that ransomware attackers managed to steal personal information from guests and employees of its Carnival Cruise Line, Holland America Line and Seabourn businesses.