Cruise operator Carnival Corp disclosed on Wednesday a data breach in April. The attack used social engineering to compromise an employee account, leaking personal information including names, addresses, and government-issued identification numbers.
The company says it quickly blocked the unauthorized activity and hired third-party experts for an investigation. Carnival is notifying affected individuals by email where possible and offering U.S. customers two years of free credit monitoring through TransUnion.
Carnival stated it has strengthened security controls and urged affected individuals to enroll in monitoring, remain vigilant, and report identity theft. This is not the first such incident; Carnival detected a similar breach in 2021 that affected guest and employee data across several of its cruise lines.