Security Experts:

Cruise Operator Carnival Discloses 2019 Data Breach

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party.

The company owns 10 global cruise line brands and a tour company, has a fleet of 102 ships visiting more than 700 ports around the world, and employs over 120,000 people. The company serves nearly 11.5 million guests annually.

In a data breach notification (PDF) filed with the attorney general's office in California, Carnival revealed that it launched an investigation after discovering suspicious activity on its network in May 2019.

“It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding our guests,” the company says.

According to Carnival, the intruders might have accessed a large amount of sensitive data, including names, addresses, Social Security numbers, passport numbers or driver’s license numbers, health-related information, and credit card and financial account details.

The company also says that the types of data potentially impacted in the incident vary by guest, adding that it does not have “any evidence of misuse of the personal information affecting any individual.”

The travel company says it has already contacted law enforcement on the matter, and that it is undertaking a review of its security policies and procedures, to improve its security program.

“We sincerely regret this occurred and for any concern that this may have caused you. We take very seriously our commitment to privacy and data security,” the company says.

The company has yet to reveal how many of its customers were impacted in the incident.

SecurityWeek has contacted Carnival Corporation via email for additional details on the data breach and will update this article as soon as a reply arrives.

Related: T-Mobile Notifying Customers of Data Breach

Related: Japanese Electronics Giant NEC Discloses Old Data Breach

Related: Hanna Andersson Data Breach: Hackers Compromise Website of Children's Clothier

view counter