Earlier this month, the multibillion-dollar cruise conglomerate Carnival Corp. announced that two of its most popular lines—Holland America and Princess Cruises—were respectively slammed with hacks compromising the sensitive personal intel of cruise-goers and cruise-workers alike. Even though neither announcement makes mention of when each respective breach was disclosed, pulling up the source code for the Princess line’s disclosure reveals that the post happened midday on March 2—just as the U.S. began to learn of the country’s first deaths from covid-19—which is probably why the breach news slipped past most of our radars.
Per Carnival, its cruise companies were hit sometime between April and July of last year, when “an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding our employees, crew, and guests.”
What kind of information did the “unsanctioned third party” access? All the bad types. Carnival offers a brief rundown:
The types of data potentially impacted varies by individual but can include: name, address, Social Security number, government identification number, such as passport number or driver’s license number, credit card and financial account information, and health-related information.
While neither cruise line has released any hard evidence of any of these details being misused (yet), Holland America’s notice makes sure to mention that guests should consider contacting the major credit bureaus in their respective countries to put fraud alerts on their credit reports. The line also offered to set people up with free credit monitoring and identity protection services to give their guests some “peace of mind.”