Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cruise Operator Carnival Discloses 2019 Data Breach

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party.

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party.

The company owns 10 global cruise line brands and a tour company, has a fleet of 102 ships visiting more than 700 ports around the world, and employs over 120,000 people. The company serves nearly 11.5 million guests annually.

In a data breach notification (PDF) filed with the attorney general’s office in California, Carnival revealed that it launched an investigation after discovering suspicious activity on its network in May 2019.

“It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding our guests,” the company says.

According to Carnival, the intruders might have accessed a large amount of sensitive data, including names, addresses, Social Security numbers, passport numbers or driver’s license numbers, health-related information, and credit card and financial account details.

The company also says that the types of data potentially impacted in the incident vary by guest, adding that it does not have “any evidence of misuse of the personal information affecting any individual.”

The travel company says it has already contacted law enforcement on the matter, and that it is undertaking a review of its security policies and procedures, to improve its security program.

“We sincerely regret this occurred and for any concern that this may have caused you. We take very seriously our commitment to privacy and data security,” the company says.

The company has yet to reveal how many of its customers were impacted in the incident.

SecurityWeek has contacted Carnival Corporation via email for additional details on the data breach and will update this article as soon as a reply arrives.

Related: T-Mobile Notifying Customers of Data Breach

Related: Japanese Electronics Giant NEC Discloses Old Data Breach

Related: Hanna Andersson Data Breach: Hackers Compromise Website of Children’s Clothier

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.