BreachExchange mailing list archives
Cruise Operator Carnival Discloses 2019 Data Breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 6 Mar 2020 09:09:35 -0600
https://www.securityweek.com/cruise-operator-carnival-discloses-2019-data-breach Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party. The company owns 10 global cruise line brands and a tour company, has a fleet of 102 ships visiting more than 700 ports around the world, and employs over 120,000 people. The company serves nearly 11.5 million guests annually. In a data breach notification (PDF) filed with the attorney general's office in California, Carnival revealed that it launched an investigation after discovering suspicious activity on its network in May 2019. “It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding our guests,” the company says. According to Carnival, the intruders might have accessed a large amount of sensitive data, including names, addresses, Social Security numbers, passport numbers or driver’s license numbers, health-related information, and credit card and financial account details. The company also says that the types of data potentially impacted in the incident vary by guest, adding that it does not have “any evidence of misuse of the personal information affecting any individual.” The travel company says it has already contacted law enforcement on the matter, and that it is undertaking a review of its security policies and procedures, to improve its security program. “We sincerely regret this occurred and for any concern that this may have caused you. We take very seriously our commitment to privacy and data security,” the company says. The company has yet to reveal how many of its customers were impacted in the incident. SecurityWeek has contacted Carnival Corporation via email for additional details on the data breach and will update this article as soon as a reply arrives. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Cruise Operator Carnival Discloses 2019 Data Breach Destry Winant (Mar 06)