Carnival Corporation, the largest cruise ship operator in the world, has disclosed details about a cybersecurity incident involving unauthorized access of its records.
In a data breach letter sent to affected customers shared by Bleeping Computer, the company acknowledged the incident occurred earlier this year in March and allowed the unauthorized users to access the personal information relating to some of their guests, employees, and crew.
When quizzed by Bloomberg, Carnival said that as soon as it became aware of the data breach, it “acted quickly to shut down the event and prevent further unauthorized access.”
Soon after the company notified the regulators and also hired a cybersecurity firm to look into the breach.
Repeat targets
The investigation reportedly found that during the incident, personal data of customers, employees and crew of not just Carnival, but also of its subsidiaries Holland America and Princess lines, along with details of the company’s medical operations were accessed.
Carnival has said that it has evidence to suggest that there is a “low likelihood” of misuse of any of the breached data.
In addition to alerting the individuals whose details were leaked the company is also said to have set up a call center to respond to any queries from customers.
Notably, this isn’t the first security-related incident that has plagued Carnival. Bleeping Computer notes that the cruise line was first hit by a data breach in March 2020, followed by two ransomware attacks, first in August 2020 and then again in December 2020.
