For the third time in one year, Carnival Corporation has been hit by a data breach within its IT systems. The cruise operator said Thursday it had detected unauthorized access to its computer system back in March of this year.
The company alerted regulators and hired a cybersecurity firm to investigate the breach. It is the third time security breaches have hit the company in its IT systems.
Last year in August Carnival Corporation was hit by a ransomware attack that affected the brands UK-based cruise lines, P&O UK and Cunard Line, while in December Germany-based AIDA suffered a cyberattack.
The data breach in March of this year seems to involve the brand’s US-based cruise lines.
Low likelihood of Data Being Misused
The company’s shares quickly dropped 2% once the announcement came, despite the breach taking place on March 19 of this year. According to an email in possession of the Technology news portal Bleeping Computer, which first reported the breach. The company acted quickly “to shut down the event and prevent further unauthorized access.”
The breach has affected the personal information of some guests, employees, and crew for Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations, Carnival Corporation said.
This information included data collected throughout the guests’ experience and in the booking process, as well as employee data such as COVID and safety testing, names, addresses, phone numbers, passport numbers, dates of birth, health information, and in some limited instances additional personal information, such as Social Security or national identification numbers.
The company further said:
“Unauthorized third-party access to a limited number of email accounts was detected on March 19, 2021. We acted quickly to shut down the event and prevent further unauthorized access. A leading cybersecurity firm was engaged to investigate the matter, and appropriate regulators were notified. There is evidence indicating a low likelihood of the data being misused.”
Carnival Corporation said it has set up a call center for those affected and has already contacted everyone involved. The company will also offer free credit monitoring and identity theft detection services for 18 months.
Carnival Has Experienced Issues Before
It is not the first time a data breach has hit Carnival Corporation. In August of last year, the company was hit by a ransomware attack in the UK branch of companies, Cunard Line and P&O UK. In December of 2020, Germany-based AIDA fell victim to a cyberattack.
For the UK-based cruise lines the problem lay mainly with the company’s telephone systems and customer agent booking portals. During a ransomware attack, a company’s data is taken over by a hostile entity, which is only released once a sum of money is paid.
Ransomware attacks happen when, for example, phishing emails are opened, which will then open a system for hostile intent. The AIDA attack caused the cruise line to cancel cruises for AIDAMar and AIDAPerla.
The March attack comes when the cruise company is trying hard to restart all nine of its brands worldwide. The attack will likely not have severe consequences for Carnival Corporation. However, it will want to review its operational safety systems thoroughly.