Three cruise lines under Carnival Corp. suffered a data breach earlier this year that affected both customers and employees, according to the company.
On March 19, the parent company of Carnival Cruise Line, Holland America and Princess Cruises detected unauthorized access to part of its information technology systems, according to company spokesman Roger Frizzell.
“Information Security at Carnival Corporation acted quickly to shut down the event and prevent further unauthorized access,” he said in an email.
Frizzell said the company engaged a cybersecurity firm to deal with the breach while notifying regulators. The ensuing investigation revealed the breach allowed third-party access to personal information of some guests, employees and crew among the three cruise lines as well as medical operations, Frizzell said.
Carnival Corp. states that there is low likelihood the breached data is being misused.
“The company has notified guests, employees, crew and other individuals whose personal information may have been impacted,” Frizzell said. “It also has established a dedicated call center to answer questions regarding the event.”
Following the incident, Carnival Corp. is reviewing its security and privacy policies and procedures, he said.
Carnival Corp. is the largest cruise company in the world with nine cruise lines in its portfolio with 92 ships and several more under construction.