Carnival Corporation subsidiary Princess Cruises announced last year that it had identified “suspicious activity” by an individual or entity who, in mid-2019, gained access to the personal information of both travelers and employees. It was later disclosed that the Carnival Corporation fell victim to a similar cyber attack on August 15, 2020.
Carnival Corporation revealed to customers in a Thursday memo that an unauthorized actor may have obtained access to a number of individuals’ personal details, including Social Security numbers, health records, passport information and dates of birth.
The company did not disclose how many individuals may have had their personal information compromised.
Carnival spokesperson Roger Frizzell detailed that the cruise operator hired a cybersecurity firm to investigate the “unauthorized third-party” who gained access to the cruise operator’s IT systems.
The Carnival spokesperson claimed that, based on current evidence, there is no reason to believe the data is being misused.
While the cruise operator has reportedly implemented enhancements to its cybersecurity and privacy programs, this incident comes as the third major data breach associated with the Carnival Corporation since 2019.
News of Carnival’s latest breach comes alongside a string of alleged cyberattacks on US-affiliated companies and infrastructure. Within recent months, US-based JBS SA beef plants, Cox Media Group and the Colonial Pipeline have all been disrupted by ransomware.
JBS and the Colonial Pipeline were not able to resume normal operations until they wired the cybercriminals some $11 million and $4.4 million, respectively.