Carnival issues update on cyber attack on three cruise line brands

Carnival issues update on cyber attack on three cruise line brands

Passenger data from Carnival Cruise Line, Holland America Line and Seabourn was accessed

Personal passenger data from Carnival Cruise Line, Holland America Line and Seabourn was accessed in an earlier disclosed cyber attack.

The disclosure came from parent company Carnival Corporation in an update on the August hacking.

The company is working “as quickly as possible” to identify the passengers, employees, crew and other individuals whose personal information may have been impacted.

This process could take between 30 and 60 days to complete, however the corporation said: “Working with its cyber security consultants, the company took steps to recover its files and has evidence indicating a low likelihood of the data being misused.”

Those affected will be offered complimentary credit monitoring, “as appropriate”.

The group said: “While the investigation is ongoing, early indications are that in early August the unauthorised third party gained access to certain personal information relating to some guests, employees and crew for three of the corporation’s brands – Carnival Cruise Line, Holland America Line and Seabourn, as well as casino operations.”

The unauthorised third-party access to portions of the company’s information technology systems was detected on August 15.

“Information Security at Carnival Corporation acted quickly to shut down the intrusion, restore operations and prevent further unauthorised access,” the group added.

“The company also engaged a major cyber security firm to investigate the matter and notified law enforcement and appropriate regulators of the event.”

Carnival Corporation is “continuing to review security and privacy policies and procedures and implementing changes when needed to enhance information security and privacy controls”.

Meanwhile, the company has posted website notices and established a dedicated call centre to answer questions regarding the event.

“When the investigation is complete, callers may confirm whether or not their information was affected,” the corporation said.

The IT attack came as the majority of group’s cruises remain suspended due to the Covid-19 pandemic and global travel restrictions.