Carnival Corporation, the world’s largest cruise ship operator, has disclosed a data breach where the threat actors accessed some of its IT systems and the personal, financial, and health information belonging to customers and staff.

Carnival which employs more than 150,000 employees in around 150 countries, provides leisure travel to roughly 13 million guests each year.

The company operates nine of the world’s leading cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and Seabourn) and a travel tour company (Holland America Princess Alaska Tours).

According to the data breach notification by the cruise line operator, an unauthorized third-party had accessed a limited number of email accounts that was detected on March 19, 2021.

Carnival’s SVP & Chief Communications Officer Roger Frizzell stated that the attackers gained access to “limited portions of its information technology systems.”

The personal information relating to some of the guests, employees, and crew were accessed which includes data which is routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the Company, including COVID or other safety testing.

The accessed information included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like Social Security or national identification numbers.

All the impacted customers, employees, as well as Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations crew were warned that they found evidence indicating “a low likelihood of the data being misused.”

Carnival was hit by a ransomware attack in August 2020 which was also confirmed by the cruise line operator in which the attackers gained access to the personal information of both customers and employees during the attack. A second ransomware attack also hit the company in December 2020. The cruise line was also affected by a data breach disclosed in March 2020.

Image Credits : Carnival Cruises

The post Carnival Cruise discloses data breach first appeared on Cybersafe News.

You May Also Like

Avoiding the snags and snares in data breach reporting: What CISOs need to know

Failing to report sensitive data breaches to US regulatory and law enforcement…

Europol shuts down international phishing operation related to COVID-19

Europol announced that it will initiate legal proceedings against 23 people accused…

How scammers are using job offers to steal your identity

Through its Internet Crime Center (IC3), the Federal Bureau of Investigation (FBI)…