Princess Cruises Data Breach

  • Published: Jun 25, 2024
  • Last Updated: Jul 09, 2024

Founded in 1965, Princess Cruises rose to prominence in the late 1970s after being heavily featured on the hit TV show “The Love Boat” and is currently a leading name in the cruise industry. In 2020, Carnival Corporation, the parent company of Princess Cruises, announced that it had experienced a significant data breach that exposed sensitive passenger and employee information. 

Princess Cruises Data Breach

With a global itinerary of over 330 cruise destinations across more than 100 countries on all seven continents, it is no surprise that bad-faith actors targeted Princess Cruises. As more businesses and organizations move their operations online and adopt digital technologies, cybercriminals' attack surface expands, providing more opportunities for breaches. Factors like ransomware evolution, advanced attack methods, and the surge in remote work have also contributed to a noticeable uptick in data breaches and ransomware attacks in the US (and globally), cutting across several industries. 

While Carnival Corp is no stranger to ransomware attacks, the Princess Cruises breach, which also affected its sister line, Holland America Line, represented its most significant data breach incident (and in the travel/cruise sector). Even though the company stated that it quickly “shut down the event” and took necessary steps to investigate the cause and stop further unauthorized access, it raised concerns about data security within the travel sector.

When Was the Princess Cruises Data Breach?

The Princess Cruises data breach was initially discovered in May 2019 when the company identified suspicious activity on its network. According to a notification letter sent to its customers and filed with the California Attorney General’s Office in March 2020, the company initiated an investigation to determine the exact nature and impact of the breach. This investigation revealed that a third party had gained unauthorized access to several employee email accounts that contained personal information on guests and crew members between April 11 and July 23, 2019. The exact nature of exposed data varied but included names, addresses, Social Security numbers, government identification numbers (passport and driver’s license numbers), credit card information, and health-related data. 

How to Check If Your Data Was Breached

Princess Cruises did not disclose the exact number of passengers and employees affected by the data breach when announcing the incident; however, it took steps to notify affected individuals and offered them free credit monitoring and identity theft detection services. Nonetheless, subsequent reports suggested that this single data breach incident affected over 180,000 Carnival Corp employees and customers nationwide. 

In situations where you do not receive a notification from a company about a data breach, you can take action on your own to determine if you may have been affected by monitoring your bank account activity for any unusual transactions. Be sure to report anything suspicious to the police and your card issuer, and be cautious of unsolicited emails or SMS messages during this time. 

What to Do If Your Data Was Breached

Following the data breach, Princess Cruises offered affected individuals free credit monitoring and identity theft detection services, including 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. 

If a data breach potentially impacts you, taking proactive steps to protect your personal information is essential. This can include updating passwords for any online accounts, especially those with the same credentials as the compromised email accounts, and monitoring your financial statements for unusual activity. You should also keep an eye out for any communications from the company regarding updates, further actions to take, and subsequent breaches or ransomware attacks, especially if you are a continuing cruise line customer. 

Are There Any Lawsuits Because of the Data Breach?

A multi-state investigation ensued after Carnival Corp publicly announced the data breach, focusing on the company’s email security practices and compliance with data breach statutes. The investigation was co-led by the Connecticut, Florida, and Washington Attorneys General, who were assisted by Alabama, Arizona, Arkansas, Ohio, and North Carolina, and joined by Delaware, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania, Rhode Island, Vermont, Georgia, Kentucky, Louisiana, Mississippi, South Carolina, Tennessee, Virginia, West Virginia, Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, South Dakota, Wisconsin, Colorado, Nevada, New Mexico, Oklahoma, Texas, Utah, Wyoming, Alaska, California, Hawaii, Idaho, Montana, and Oregon.

The main bone of contention was Carnival Corp’s failure to notify law enforcement and potential victims as soon as the breach was identified; instead, it waited approximately 10 months before reporting the incident. The investigation led to a $1.25 million settlement in June 2022 and the company agreeing to several provisions to strengthen its email security and breach response practices moving forward, such as:

  • Implementing and maintaining a breach response and notification plan 
  • Undergoing an independent information security assessment
  • Providing email security training for its employees
  • Maintaining enhanced behavior analytics tools to log and monitor potential security events on the company's network
  • Requiring multi-factor authentication for remote email access
  • Improving its password policies and procedures 

Can My Princess Cruises Information Be Used for Identity Theft?

Yes, the information exposed in the Princess Cruises data breach can potentially be used for identity theft (even though the company stated that it had no reason to suspect that was the case). The compromised data included highly sensitive private personal information (PPI) that cybercriminals could also use for fraud and scams. 

What Can You Do to Protect Yourself Online?

In our increasingly digital world, personal data is often shared online with various entities. The Princess Cruises data breach underscores the critical need for vigilance when sharing personal information, especially for those who frequently travel or embark on leisure trips. Here are some proactive measures to safeguard your information online and protect yourself from cybercriminals looking to use this information for nefarious purposes:

  • Create strong, unique passwords for each of your online accounts. Avoid using easily guessable information such as birthdays or common words.
  • Enable two-factor authentication (2FA) on your online accounts whenever possible. This adds an extra layer of security to the account.
  • Regularly check your credit reports and consider investing in credit monitoring services. You should also periodically review your bank account and credit card statements for unauthorized transactions and contact your financial institution immediately if you notice any suspicious activity.
  • Be wary of phishing emails and links. Do not click on links or download attachments from unknown or suspicious sources.
  • Never offer private personal or financial information to unknown requesters.
  • Keep your operating systems, browsers, and software up to date with the latest security patches. This helps protect against vulnerabilities that cybercriminals can exploit.
  • Install and maintain reputable antivirus and antimalware software on your devices.
  • Stay informed on the latest cybersecurity threats and best practices. Platforms like IDStrong offer regular updates on these topics, providing a convenient tool to educate and protect yourself from cyber threats.

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that much a ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

What Are Pretexting Attacks: Scam Types and Security Tips?

What Are Pretexting Attacks: Scam Types and Security Tips?

Have you ever received a text from someone you do not know? Did you become alarmed by the message? Did the message contain information about you and the people you know?

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close