Carnival Corporation revealed to customers in a Thursday memo that an unauthorized actor may have obtained access to a number of individuals' personal details, including Social Security numbers, health records, passport information and dates of birth.
The data breach reportedly occurred on March 19, and impacted the British-American cruise operator's popular subsidiaries: Carnival Cruise Line, Princess Cruises Carnival Corp subsidiaries. Employees were also impacted by the data breach.
The company did not disclose how many individuals may have had their personal information compromised.
Carnival spokesperson Roger Frizzell detailed that the cruise operator hired a cybersecurity firm to investigate the "unauthorized third-party" who gained access to the cruise operator's IT systems.
Those possibly impacted by the data breach have been notified, and the company has established a call center to assist with the matter, Frizzell asserted to The Hill on Friday.
The Carnival spokesperson claimed that, based on current evidence, there is no reason to believe the data is being misused.
While the cruise operator has reportedly implemented enhancements to its cybersecurity and privacy programs, this incident comes as the third major data breach associated with the Carnival Corporation since 2019.
Following both the 2019 data breach with Princess Cruises and the 2020 data breach with the Carnival Corporation, the cruise operator pledged to conduct a "review" to enhance its cybersecurity.
News of Carnival's latest breach comes alongside a string of alleged cyberattacks on US-affiliated companies and infrastructure. Within recent months, US-based JBS SA beef plants, Cox Media Group and the Colonial Pipeline have all been disrupted by ransomware.
JBS and the Colonial Pipeline were not able to resume normal operations until they wired the cybercriminals some $11 million and $4.4 million, respectively.