- The Urgent Need for Data Minimization Standards
- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
Carnival Confirms Another Security Breach Impacting Staff and Passengers
One of the world’s largest cruise ship operators has disclosed a data breach from mid-March, impacting an unspecified number of customers, employees, and crew.
Carnival Corporation runs many of the globe’s leading cruise lines, including P&O, Cunard and Carnival Cruise Line.
According to a data breach notification letter sent to customers and seen by Infosecurity, the firm detected unauthorized third-party access to a “limited number” of email accounts on March 19.
“The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the company, including COVID or other safety testing,” it continued.
“That information may include names, addresses, phone numbers, passport numbers, dates of birth, health information and in some limited instances additional personal information such as Social Security or national identification numbers.”
According to reports, the incident affected customers and employees on Carnival Cruise Line, Holland America Line and Princess Cruises.
Although Carnival claimed in the letter that there was a “low likelihood” of the data being misused, it urged recipients to review their account statements and credit history and be on guard for possible follow-on phishing attempts using the information.
The firm also offered those affected free credit monitoring and identity theft detection for 18 months.
This isn’t the first time Carnival has suffered a security breach.
In March 2020, it revealed that the personal information of passengers and crew was obtained by a third party the previous May, impacting its Princess Cruises and Holland America Line brands.
Then in August 2020, it revealed that ransomware attackers managed to steal personal information from guests and employees of its Carnival Cruise Line, Holland America Line and Seabourn businesses.