Carnival Corp has announced that two cruise lines have been hit by a cyberattack last year, exposing the personal details and even credit card numbers of its staff and guests.
The company confirmed earlier this week that two of its cruise lines, Princess Cruises, and the Holland America Line were both hit by cybercriminals in May of 2019.
According to InfoSecurity Magazine, “investigations into the incident carried out by Princess and Holland America revealed that an unauthorized third party had gained access to a substantial amount of personal information belonging to both passengers and crew.”
The data implicated in the breach includes credit card numbers, social security numbers, passport numbers, government identification numbers, health-related information, names and email addresses of both passengers and crew; not all passengers or staff were affected by the breach, however it is a widely-sprawling hack.
Carnival has since issued a press release stating that “in late May 2019, Princess Cruises identified a series of deceptive emails sent to employees resulting in unauthorized third-party access to some employee email accounts. The company acted quickly to shut down the attack and prevent further unauthorized access. It also retained a major cybersecurity firm to investigate the matter while reinforcing security and privacy protocols to further protect systems.”
“The company notified law enforcement of the incident and are notifying affected individuals where possible. While there is no indication of any misuse of this information, credit monitoring and identity protection services will be provided free of charge to give those affected peace of mind,” the company concluded.
It’s difficult to get exact figures of just how many people could be impacted by this particular cyberattack at this stage, however, considering that the Princess and Holland America Line account for nearly 30% of Carnival Corp’s capacity, the damage could potentially be widespread.