Security News > 2021 > June > Carnival Cruise hit by data breach, warns of data misuse risk

Carnival Corporation, the world's largest cruise ship operator, has disclosed a data breach after attackers gained access to some of its IT systems and the personal, financial, and health information belonging to customers, employees, and crew.

"Unauthorized third-party access to a limited number of email accounts was detected on March 19, 2021," the cruise line operator giant says in a data breach notification letter recently sent to affected customers.

The cruise line operator also warned impacted customers, employees, as well as Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations crew that they found evidence indicating "a low likelihood of the data being misused."

BleepingComputer previously reported that a ransomware attack also hit Carnival in August 2020, an incident confirmed by the cruise line operator in an 8-K form filed with the US Securities and Exchange Commission.

The August ransomware attack came after a data breach disclosed in March 2020 that also led to the exposure of customers' personal and financial info after threat actors gained access to Carnival employees' email accounts.

BleepingComputer reported at the time that the German cruise line and Carnival subsidiary AIDA Cruises was dealing with mysterious "IT restrictions" that led to the cancellation of their New Year's Eve cruises.

News URL

https://www.bleepingcomputer.com/news/security/carnival-cruise-hit-by-data-breach-warns-of-data-misuse-risk/