The world’s largest cruise operator has urged its customers to be vigilant after a cyberattack that may have exposed the personal information of nearly six million people worldwide.
Carnival Corporation, parent company of brands including Carnival Cruise Line, Princess Cruises, Cunard, Holland America Line and Seabourn, revealed that hackers gained access to part of its IT network during an incident discovered in April.
According to the company, the attack occurred after a cybercriminal used “social engineering” tactics to deceive an employee and gain access to a limited section of Carnival’s systems.
The unauthorised activity was detected on April 14, with investigators later determining that customer information had been copied by the attacker.
The exact information exposed varies from person to person, but Carnival said compromised data may include names, home addresses, email addresses, phone numbers, dates of birth and government-issued identification details such as passport and driver’s licence numbers.
Cybersecurity experts warn that while there is currently no evidence of direct financial theft linked to the breach, affected customers could face an increased risk of identity fraud, phishing scams and other forms of cybercrime.
Criminals may attempt to use the stolen information to impersonate Carnival, travel agents, banks or government agencies in an effort to trick victims into revealing additional personal or financial details.
Reports suggest the notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging it obtained millions of customer records before publishing some of the data online after negotiations reportedly broke down.
Carnival says it acted quickly to block the unauthorised access and has engaged external cybersecurity specialists to investigate the incident and strengthen its digital defences.
The company has begun notifying affected customers and is offering eligible U.S.-based victims two years of complimentary credit monitoring services.
For Australian travellers who may have sailed with Carnival or one of its affiliated cruise brands, experts recommend monitoring email accounts for suspicious messages, changing passwords where appropriate, enabling multi-factor authentication and keeping a close eye on financial and loyalty program accounts.
Qantas was the victim of a similar attack last July when the personal data of approximately six million customers was compromised, leading to significant concerns about data security and customer trust.
