Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises.
Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands. A dual-listed company,
Carnival Corporation has over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn.
The company sent a data breach notification letter to its customers to inform them that unauthorized parties might have gained access to their data, including social Security numbers, passport numbers, dates of birth, addresses and health information of people.
At the time of this writing, the number of impacted individuals was not revealed, it is also unclear if the company paid a ransom.
In 2020, the company was the victim of two distinct ransomware attacks that took place in August and December. In October, Carnival Corporation disclosed a data breach as a result of the ransomware attack that took place in August. Ransomware operators have stolen the personal information of customers, employees, and ship crews during the attack.
The recent security breach was spotted on March 19, in response to the incident, the IT staff shut down access and launched an investigation with the help of a cybersecurity.
The company announced to have implemented additional security measured to protect its infrastructure.
The cruise operator set up a call center to provide supports to its customers.
The good news is that the company is not aware of any abuse of personal information stolen during the intrusions.
(SecurityAffairs – hacking, Carnival)