Princess Cruises Confirms Data Breach

Carnival-owned Princess Cruises — the cruise line forced to suspend operations after two ships became hot spots for coronavirus — reports that a breach may have compromised passenger data.

A notice published on the Princess website says suspicious activity was identified in late May 2019. Forensics experts were hired to launch an investigation, which found an unauthorized party gained access to some employee accounts between April 11 and July 23, 2019. It's unclear why Princess waited to post the notice, which is believed to have gone live in early March 2020.

The employee accounts accessed contained personal data regarding Princess employees, crew, and guests. While the type of data compromised "varies by individual," officials say, it could include name, address, Social Security number, government identification number (passport number or driver's license number), credit card and bank account information, and health data.

Princess does not have any evidence indicating this personal data has been misused. The matter has been reported to law enforcement and an investigation is still ongoing. In addition, it's reviewing its security policies and implementing changes to strengthen its security program.

Read the full breach notice here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "CASB 101: Why a Cloud Access Security Broker Matters."