As it was earlier announced, Carnival Corporation & plc detected unauthorized third-party access to portions of its information technology systems on August 15, 2020.
Information Security at the company acted quickly in order to shut down the intrusion, as well as restore operations and prevent further unauthorized access. Carnival Corporation also notified law enforcement and appropriate regulators and engaged a major cybersecurity firm to investigate the matter.
While the investigation is ongoing, early indications show that in early August 2020 the unauthorized third party had gained access to certain personal information relating to some passengers, employees, and crew members for 3 of the Corporation’s brands - Holland America Line, Seabourn, and Carnival Cruise Line, as well as casino operations. Working with the cybersecurity consultants, the company had taken steps to recover its files and had evidence indicating "a low likelihood of the data being misused."
Carnival Corporation & plc announced it was working as quickly as possible to identify the passengers, employees, crew members, and other individuals whose personal information might have been impacted. It expects to complete the process within the next 30-60 days and will then send notifications to all potentially affected individuals whose contact information is available to Carnival. Along with the individual notices, affected persons will be offered complimentary credit monitoring.
Meanwhile, Carnival has posted website notices and established a call center to answer questions regarding the accident. When the investigation is complete, all callers may confirm whether or not their information had been affected.