Carnival Cruise Line is facing a massive data breach after hackers used a social engineering attack to access company systems, compromising the personal data of nearly 6 million customers.
The company said its IT team discovered the breach on April 14. The attackers tricked a single employee into granting access to a limited portion of the system. Carnival says it blocked the activity and launched an investigation with third-party experts.
The compromised data varies for each person, but includes names, addresses, email addresses, phone numbers, dates of birth, and government ID numbers such as driver's license and passport numbers.
Carnival began notifying affected customers on May 27 and is offering free two-year credit monitoring through TransUnion. The company also set up a dedicated call center for questions.
In a statement, Carnival apologized for the incident and said it has added new layers of security and monitoring.