Carnival Corporation has confirmed a data breach, with reports suggesting up to six million customers have been affected.
The cruise giant said on Wednesday that an employee’s account had been compromised in mid-April, leading to the leak of customers’ personal information, including names, dates of birth, email addresses, phone numbers and government-issued ID, including passport numbers.
While it didn’t say which of its cruise lines had been involved in the breach, one report suggested it was Holland America Line, which carries almost one million passengers a year.
Carnival also owns Cunard, Princess, P&O Cruises, Seabourn, Costa Cruises and AIDA Cruises.
In a statement, it said it had acted quickly to block the unauthorised activity, which is reported to have been carried out by an infamous group of hackers calling themselves ShinyHunters.
Carnival said it is notifying affected customers by email ‘where possible’ and offering those in the US two years of free credit monitoring through TransUnion.
It said it has strengthened its security and monitoring controls and will continue to enhance its IT and data protection measures.
Travel Gossip has asked Carnival UK for an update.
