Carnival, the world's largest cruise-line operator, has had personal information of customers, crew members and other employees stolen in a data breach.
"Names, addresses, phone numbers, passport numbers, dates of birth, health information and in some limited instances additional personal information, such as Social Security or national identification numbers" were stolen, according to a breach-notification letter (opens in new tab) obtained by Bleeping Computer (opens in new tab).
- 3.3 million customers hit by VW data breach — what to do
- The best identity theft protection services
- Plus: iPhone 13 — these are the upgrades I'd actually pay for
"There is evidence of a low likelihood of the data being misused," the notification letter says. None of that evidence was cited in the letter.
This is at least the fourth time Carnival has had its internal systems hacked. Last year, Carnival was hit by two ransomware attacks and another attack that resulted in a data breach, according to Bleeping Computer.
The U.S.-based Carnival Corporation and its British twin, Carnival PLC, jointly own and operate Carnival Cruise Line, Holland America Line, Princess Cruises, Cunard Line, P&O Cruises, Seabourn Cruise Line, Costa Cruises and AIDA Cruises, which operate worldwide.
A Carnival spokesman told ABC News (opens in new tab) that the company detected that its information systems had been penetrated on March 19 and subsequently launched an investigation.
Carnival did not provide a number for how many persons might have had their personal information stolen in this data breach, but if you do get that notification letter, take it very seriously.
A full name, current address, date of birth and Social Security number, all of which were revealed in this breach, are all the information a criminal needs to open accounts in your name.
Carnival breach: What to do now
Carnival is offering 18 months of free identity-theft protection and credit monitoring provided by Cyberscout to all affected individuals. Carnival customers and employees can call (800) 905-0687 on weekday or email firstname.lastname@example.org for more information. Instructions and an enrollment code are included in the breach notification letter.
Tom's Guide recommends that affected persons take up the company on its offer of an identity-theft-protection subscription, but please read the fine print before you sign up. Accepting the offer may limit your ability to take legal action against the company if your identity is indeed stolen as a result of this breach.
Also, please note that Carnival's Cyberscout offer monitors only one of the Big Three credit-reporting agencies, and lasts for only 18 months. Many other large companies that have customer personal data stolen, such as Volkswagen just last week, offer two years of credit monitoring and identity-theft-protection. Some of those offers monitor all three major credit reporting agencies, not just one.
For a more thorough explanation of what kind of credit monitoring and identity protection is available to consumers, please visit our page on the best identity-theft-protection services.