Passenger and crew’s personal data may have been stolen from cruise company Carnival Corporation.
The cruise giant, which owns 10 cruise lines and is currently the world’s largest travel leisure business, said the cyber attack took place on 15 August.
The company did not reveal how many customers or which brands had been targeted, but said that law enforcement agencies were notified immediately after one of its cruise brands detected a ransomware attack that accessed an encrypted portion of its information technology systems.
Download the new Independent Premium app
Sharing the full story, not just the headlines
Investigations are currently ongoing.
Carnival cruise lines, including Carnival Cruise Line, Princess Cruises and Holland America Line, host nearly 13 million passengers in an average year, meaning its brands carry a huge amount of client data.
Cyber security experts have warned customers to check their bank accounts, change their online passwords and be alert to any potentially fraudulent emails.
“Carnival customers will be alarmed that their data could have fallen into the hands of hackers who might try to exploit it, so it is vital that the company is now transparent and upfront with potential victims and supports them in taking measures to protect themselves,” said Kate Bevan, computing editor at Which?.
The Independent has contacted Carnival Corporation for comment.
It’s not the first time the company has been hacked.
In 2019, a cyber attack on Princess Cruises and Holland America Line saw hundreds of customers’ and staff’s personal data compromised in a phishing attack.
The perpetrators stole passengers’ names, Social Security numbers, passport numbers and credit card information.
The cruise industry has been hard hit by coronavirus, which has seen ships unable to dock as countries closed their borders amid the pandemic.
The Foreign Office is currently advising against all cruises barring river cruises, while the US’s Centers for Disease Control and Prevention has banned cruise voyages until at least 30 September.