Seatrade Cruise News is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Carnival Corp. data breach may have impacted three brands

CRUISE Carnival Corp. logo.jpg
A Carnival Corp. & plc data breach in early August indicates possible third-party access to personal information related to Carnival Cruise Line, Holland America Line and Seabourn, as well as casino operations.

Some guests, employees and crew at the three brands could be impacted.

'Low likelihood of the data being misused'

Working with its cybersecurity consultants, Carnival Corp. said it took steps to recover its files and has evidence indicating a 'low likelihood of the data being misused.'

The data breach, a ransomware attack, was detected Aug. 15. Initially, the company thought only one brand was impacted.

A major cybersecurity firm was engaged to investigate the matter and law enforcement and regulators were notified.  

The investigation is ongoing.

Aim to identify those impacted within 30-60 days

Carnival Corp. said it is working as quickly as possible to identify the guests, employees, crew and other individuals whose personal information may have been impacted. This process is expected to be completed within the next 30 to 60 days and then the company will send notifications to potentially affected individuals whose current contact information is available. Along with those individual notices, affected individuals will be offered complimentary credit monitoring, as appropriate.

Meanwhile, the company has posted website notices at each brand and established a dedicated call center to answer questions (US toll-free +1-888-905-0687, 9 a.m. to 9 p.m. ET Monday through Friday). Individuals outside the US may email questions to [email protected] and request a call center representative respond by phone.

When the investigation is complete, callers may confirm whether or not their information was affected.