Carnival Corporation revealed on Thursday, June 18, that the data breach in March 2021 might have exposed personal information about clients and employees on CCL-Carnival Cruise Line, HAL-Holland America Line, and Princess Cruises.
In a letter to customers, the company indicated that outsiders might have gained access to passport numbers, dates of birth, addresses, Social Security numbers, and health information of people.
Carnival declined to say how many people's information had been exposed.
The breach comes after the company was hit twice in 2020 by ransomware attacks.
According to Carnival's spokesman Roger Frizzell, the company had detected the latest intrusion to some of its information technology systems on March 19, 2021, and had shut down access. He added Carnival had hired a cybersecurity company to investigate the case and was making changes to improve the security of its information systems.
Carnival Corporation has notified the affected people as well as set up a call center to answer questions.
In a securities filing in April, the Miami-based corporation (currently the world's largest cruise shipowner) disclosed that hackers had broken into its systems in August 2020 and again in December 2020. The attackers had encrypted part of one line’s IT systems and had gained access to personal information about clients and employees.
According to Carnival, there was no indication that personal information exposed in those attacks had been misused.
The company didn't indicate whether it had paid a ransom.
Carnival Corporation's shares fell 3% on Thursday.