Carnival Corp. Updates Findings After August Cyber-Attack

Carnival Corp. said a cyber-attack appears to have sought access to personal information of some guests, employees and crew of three cruise brands – Carnival Cruise Line, Holland America Line and Seabourn – as well as its casino operations.

Carnival detected the unauthorized third-party access to portions of its information technology systems on Aug. 15, 2020. Information security worked quickly to shut down the intrusion, restore operations and prevent further unauthorized access. The company also engaged a major cybersecurity firm to investigate and notified law enforcement and appropriate regulators of the event.

Carnival said the investigation is ongoing but that cybersecurity consultants took steps to recover its files and “has evidence indicating a low likelihood of the data being misused.”

The company said it is working to identify the guests, employees, crew and other individuals whose personal information may have been impacted. The company expects to complete this process within the next 30 to 60 days and will notify the potentially affected individuals if they have current contact information. Those individuals will be offered complimentary credit monitoring.

Meanwhile, the company has posted website notices and established a dedicated call center to answer questions regarding the event. When the investigation is complete, callers may confirm whether or not their information was affected.

The call center is at 888-905-0687 and open from 9 a.m. to 9 p.m. Eastern Time, Monday through Friday.

As part of its ongoing operations, the company is continuing to review security and privacy policies and procedures and implementing changes when needed to enhance information security and privacy controls.