Carnival Cruise Line recently disclosed a significant data breach that has affected the personal information of nearly 6 million cruise passengers. The breach was discovered on April 14, when an unauthorized actor accessed a portion of Carnival’s IT system through a social engineering attack, deceiving an employee to gain entry.

Details of the Breach

According to Carnival, the breach compromised sensitive information, including names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers such as driver’s license and passport numbers. The company confirmed the extent of the breach on April 22, following an internal investigation.

While Carnival did not initially specify the number of individuals affected, a notice filed with the Office of the Maine Attorney General revealed that 5,995,277 people were impacted. In response, Carnival has been notifying affected customers via email and is providing two years of free credit monitoring through TransUnion.

Response and Recommendations

Carnival has expressed deep regret over the incident and the potential concerns it may cause. The company has taken steps to enhance its security measures, including deploying additional safeguards and conducting ongoing security reviews to strengthen its systems.

In addition to these measures, Carnival is urging those affected to remain vigilant by regularly monitoring their account statements and credit histories for any signs of identity theft or fraud. The company advises contacting local law enforcement if any unauthorized activities are suspected.

For further inquiries, Carnival has set up a dedicated call center to assist affected individuals, which can be reached at 1-844-593-8310.

Original reporting: NBC10 Boston — read the source article.