Carnival Corporation, the largest cruise company globally, is offering two years of free credit monitoring to some U.S. travelers impacted by a recent data breach. The breach compromised the personal information of nearly 6 million customers.
Details of the Breach
In April, Carnival identified unauthorized access to a part of its IT system. This security issue was caused by a social engineering attack targeting a single user account. Carnival quickly blocked this activity, sought assistance from third-party security experts, and informed law enforcement.
A statement on Carnival’s website explains that the breach resulted from an unauthorized entity deceiving an employee to gain system access. The breach affected the personal data of 5,995,277 individuals, according to a notice filed with the Maine Attorney General’s office.
Carnival Cruise Line, along with AIDA, Costa, Cunard, Holland America, P&O, and Princess cruise lines, serves about 13.5 million passengers each year.
Compromised Information
The company is conducting a thorough analysis to identify the specific personal details compromised. So far, Carnival has determined breached data includes names, email addresses, phone numbers, dates of birth, as well as driver’s license and passport numbers.
Carnival has also sent out notification letters to affected people, expressing regret over any concerns this situation may cause.
Security Measures and Customer Notification
Carnival emphasized its commitment to personal data security by adding new security and monitoring layers beyond their existing protections. The company stated its efforts to improve defenses against future threats.
In communications addressing delayed notifications, Carnival acknowledged the complexity of the incident required careful examination before informing affected individuals. They stopped the incident as soon as possible and immediately began investigations to notify everyone impacted.
Responses and Claims
The incident stirred discussions among consumers, with some expressing discontent over the time taken to report the breach. Others suggested the need for compensation or vouchers for future cruises.
There are unsubstantiated claims that a hacker group named ShinyHunters took responsibility for the breach. While some say that Carnival refused to pay a ransom and customer data ended up on the dark web, the company has not confirmed these elements.
Protective Measures Offered
Carnival provides two years of complimentary credit monitoring through TransUnion for affected U.S. individuals. They advise customers to keep an eye on their accounts and credit reports and to report any suspicious activity to local authorities.
Teresa Mull, a writer with the Lifestyle team at Fox News Digital, contributed to this report.