Carnival Cruise Lines Hacked

Two cruise lines operated by Carnival Corp have fallen victim to a cyber-attack.

Carnival announced on Monday that Princess Cruises and the Holland America Line had both been hit by cyber-criminals in late May last year.

Investigations into the incident carried out by Princess and Holland America revealed that an unauthorized third party had gained access to a substantial amount of personal information belonging to both passengers and crew.

Data accessed in the attack included email accounts, names, Social Security numbers, government identification numbers, passport numbers, health-related information, and credit card information of guests and employees. Not all guests were impacted by the incident.

In a statement released on March 2 by Princess Cruises, the company said it had "identified a series of deceptive emails sent to employees resulting in unauthorized third-party access to some employee email accounts."

The company said it notified law enforcement of the incident and are notifying affected individuals where possible. 

Princess and Holland America said that they acted promptly to contain the attack and prevent further unauthorized access from occurring. They also retained "a major cybersecurity firm to investigate the matter while reinforcing security and privacy protocols to further protect systems and information."

So far, the investigators have not found any evidence that the data accessed without authorization during the attack has been misused. Both cruise lines said they would be offering credit monitoring and identity protection services free of charge "to give those affected peace of mind."

It is unclear precisely how many people have been affected by the incident, but the number could potentially be high. Together, the lines account for roughly 30% of Carnival Corp's capacity as of November 30.

The news is another blow to Princess, which has been featured relentlessly in the media after the coronavirus COVID-19 ripped through its ship Diamond Princess, infecting hundreds and triggering evacuations of some passengers. After completing a period of quarantine in Yokohama, Japan, all guests have now disembarked from the ship.

Princess Cruises stated on February 9 that all guests on board the beleaguered Diamond Princess will receive a full refund. Rather optimistically assuming passengers will want to take to the water again, the company has also issued guests with future cruise credit.

What’s Hot on Infosecurity Magazine?