Two cruise line brands owned by Carnival Corporation have revealed that they were hit by a cyberattack sometime last year, which potentially left employee and customers’ data exposed.
Both Holland America Line and Princess Cruises explained in recent company releases that they identified a series of “deceptive” emails back in May 2019 sent to employees. These emails allowed unauthorized third-party access to a number of employee email accounts, the companies said.
The cruise companies said that after detecting the suspicious activity, they acted quickly to shut down the cyber breach and prevent further unauthorized access. Holland America Line and Princess Cruises also noted that they retained a “major cybersecurity firm” to investigate the incident.
The investigation uncovered that the unauthorized users had accessed certain email accounts, which contained employee and guest personal information. Such information included names, Social Security numbers, government identification numbers (i.e. passport numbers and national identity card numbers), credit card and financial account information, and even health-related information.
Both cruise brands have notified law enforcement of the incident, and are alerting affected individuals. The two have also offered credit monitoring and identity protection services free of charge to those impacted.
Holland America Line and Princess Cruises stated in their respective releases that following the breach incident, they are “reviewing security & privacy policies and procedures and implementing changes when needed to enhance information security.”
Reuters reported that – as of November 30, 2019 – Holland America Line and Princess Cruises together accounted for 30% of Carnival’s capacity.