If you’ve ever cruised on a Carnival ship, your personal information might have been exposed in a recent hack.
The accessed data included personal information from customers such as their name, address, email address, phone number, date of birth, and ID information like their passport or driver’s license number.
According to a notice published by the company on May 27, Carnival’s IT department first became aware of unidentified access to a “limited portion” of the company’s IT system on April 14. The data is said to have been accessed through an act of social engineering, a form of cyberattack where bad actors manipulate an individual into granting access to systems or information.
“The company acted swiftly to block the unauthorized activity and immediately began working with third party security experts to further strengthen its security and to conduct a thorough investigation,” the company states in the notice. “As part of this investigation the company determined the bad actor illegally accessed certain personal information.”
Carnival began notifying affected individuals by email starting May 27, offering individuals a two-year complimentary subscription for TransUnion credit monitoring. The email included details for a dedicated call center by TransUnion set up to help individuals with enrollment.
Individuals who think they might be affected may also call the TransUnion call center at 1-844-593-8310, from 8 am to 8 pm ET, available for calls, Monday through Friday, excluding major U.S. holidays.
In addition to the services provided, the company is also suggesting individuals should remain vigilant for fraud or identity theft, and should notify the police if they suspect such a case.
The company is also taking next steps for the future.
“In addition to the comprehensive security measures the company had in place prior to the incident, it has taken steps to further safeguard its systems, including enhancing its security and monitoring controls,” the company said. “The company will continue to advance its IT security and data privacy controls to stay ahead of an ever-evolving threat landscape.”
