Princess Cruises said that the data breach happened in May 2019 after a series of deceptive emails were sent to employees resulting in unauthorized third-party access to some employee email accounts.
The cruise line acted quickly to shut down the attack and prevent further unauthorized access. It also retained a major cybersecurity firm to investigate the matter while reinforcing security and privacy protocols to further protect systems and information.
The investigation revealed unauthorized third-party access to certain email accounts containing employee and guest personal information, including names, Social Security numbers, government identification numbers, such as passport numbers, national identity card numbers, credit card and financial account information, and health-related information. Princess Cruises notified law enforcement of the incident and are notifying affected individuals where possible.
While there is currently no indication of any misuse of this information, credit monitoring and identity protection services will be provided free of charge to give those affected peace of mind. The cruise line also established a dedicated toll-free number for questions related to this incident: 1-833-719-0091 (toll-free U.S.) or 1-936-215-6456 (International).
Princess Cruises went on to say that data privacy and protection are extremely important to them. As part of their ongoing operations, the cruise line is reviewing security & privacy policies and procedures and implementing changes when needed to enhance information security.