Princess Cruises disclosed a potential data breach over the weekend in a post to its website. According to the post, an unidentified third party attained unauthorized access between April 11 and July 23 of 2019. Therefore, they gained access to select staff email accounts containing the personal information of staff, crew, and customers.
Owned by Carnival, Princess Cruises is already undergoing major upheaval due to the global coronavirus pandemic. Its Grand Princess ship carried 19 guests and two workers confirmed infected with the virus. Additionally, the cruise line reportedly plans to suspend all operations for two months in an effort to curb the virus’ spread. Travel demand has decreased significantly due to government mandates and virus concerns.
Princess Cruises identified suspicious activity in May 2019; it remains unclear why the company waited until now to disclose the breach. The list of potentially breached information includes name, SSNs, addresses, driver’s licenses, and health data. Additionally, users’ credit card and bank account information was possibly leaked.
The post disclosing the breach gave more insight into what happened and how the company responded. “This list [of personally-identifying information potentially breached] is not specific to each guest. We do not have any evidence of misuse of the personal information affecting any individual… we reported this matter to law enforcement and are offering our full cooperation. As part of our regular process, we are undertaking a review of our security policies and procedures and implementing changes to enhance our security program.”
Moreover, the post stresses the importance of recognizing phishing emails before giving them credentials. The post also provided some advice on protecting against identity theft and reporting potential cases.
Learn more about how to prevent data breaches here.