Parent group Carnival Corp has written to customers of Carnival Cruise Line, Holland America Line and Princess Cruises to tell them their personal information could have been exposed in a data breach.
The cyber intruders might have gained access to social security numbers, passport numbers, dates of birth, addresses and health information, the letter informs customers.
The attack happened three months ago but has only just been made public.
When Carnival Corp detected the incident on 19 March, it shut down access to its IT systems and hired a cyber security company to investigate.
The group is improving its information systems’ security, a spokesman was quoted as saying by US broadcaster CBS.
Miami-headquartered Carnival has notified the affected people, which includes employees, and set up a call centre to answer their questions.
There is no indication that personal information exposed in those attacks was misused, the company said.
Register to PrivSec Global and tune into the ”Phishing, Ransomware Prevention Plans and Staying One Step Ahead of Cybercriminals” talk on June 23 at 1:00pm BST | 2:00pm CEST | 8:00pm HK.
- Joel Schwarz, Director, MBL Technologies
- Claudio Cilli, Ph.D., Professor, University of Rome
- Andrew Rigney, Director Of Cyber Security Operations, Netjets