Carnival Corporation has confirmed a significant data breach affecting nearly 6 million individuals, potentially impacting travelers who may not identify as Carnival customers. The breach was the result of a social engineering attack on a single user account, allowing unauthorized access to part of Carnival’s IT system.

Details of the Breach

The breach exposed personal information such as names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers. The data, analyzed by Have I Been Pwned, included 8.7 million records with 7.5 million unique email addresses, linked to Holland America’s Mariner Society loyalty program.

Carnival has taken steps to mitigate the breach by blocking the unauthorized activity, engaging third-party security experts, and notifying law enforcement. The company is also notifying affected individuals and offering two years of complimentary credit monitoring to eligible U.S. individuals.

Potential Risks and Precautions

The breach poses a risk of scams, as criminals can use the stolen data to craft convincing fake communications. Travelers are advised to be cautious of messages regarding refunds, loyalty points, or account verifications, and to verify such communications directly through official channels.

To protect themselves, individuals should use strong, unique passwords for travel accounts, enable two-factor authentication, and be wary of unsolicited communications. Additionally, a credit freeze can prevent criminals from opening new accounts in one’s name.

Ongoing Security Measures

Carnival has faced previous cybersecurity incidents, highlighting the importance of vigilance in managing old travel accounts. The company is committed to enhancing its security measures to protect customer data against evolving threats.

Original reporting: Fox News (HLL/CB) — read the source article.