[BreachExchange] Cruise Operator Carnival Discloses 2019 Data Breach
Destry Winant
destry at riskbasedsecurity.com
Fri Mar 6 10:09:35 EST 2020
https://www.securityweek.com/cruise-operator-carnival-discloses-2019-data-breach
Leisure travel company Carnival Corporation has started informing
customers of a data breach that occurred last year and which resulted
in their personal information being accessed by a third-party.
The company owns 10 global cruise line brands and a tour company, has
a fleet of 102 ships visiting more than 700 ports around the world,
and employs over 120,000 people. The company serves nearly 11.5
million guests annually.
In a data breach notification (PDF) filed with the attorney general's
office in California, Carnival revealed that it launched an
investigation after discovering suspicious activity on its network in
May 2019.
“It now appears that between April 11 and July 23, 2019, an
unsanctioned third party gained unauthorized access to some employee
email accounts that contained personal information regarding our
guests,” the company says.
According to Carnival, the intruders might have accessed a large
amount of sensitive data, including names, addresses, Social Security
numbers, passport numbers or driver’s license numbers, health-related
information, and credit card and financial account details.
The company also says that the types of data potentially impacted in
the incident vary by guest, adding that it does not have “any evidence
of misuse of the personal information affecting any individual.”
The travel company says it has already contacted law enforcement on
the matter, and that it is undertaking a review of its security
policies and procedures, to improve its security program.
“We sincerely regret this occurred and for any concern that this may
have caused you. We take very seriously our commitment to privacy and
data security,” the company says.
The company has yet to reveal how many of its customers were impacted
in the incident.
SecurityWeek has contacted Carnival Corporation via email for
additional details on the data breach and will update this article as
soon as a reply arrives.
More information about the BreachExchange
mailing list