Carnival Cruise says customer and employee data may have been exposed in a data breach in March.
Carnival spokesperson Roger Frizzell told The Hill in a statement Friday that the company detected an intrusion to parts of its IT systems on March 19. It quickly shut down the hack, and engaged a cybersecurity firm to investigate.
The investigation revealed “unauthorized third-party access to certain personal information relating to some guests, employees and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations,” Frizzell said, adding there is evidence indicating a low likelihood of the data being misused.
The cruise operator had notified those whose personal information may have been impacted and has established a dedicated call center to answer questions about the event, he said.
The company has implemented changes to enhance its security and privacy programs and controls.
The hack was first reported by The Associated Press on Thursday, which noted that the company had also been breached twice last year.
The AP did not report how many customers or staffers may have been affected.
The hack on Carnival comes amid a series of high-profile cyberattacks on large corporations.
Colonial Pipeline was forced to pay $4.4 million in ransom after a hack forced it to shut down operations, leading to fuel shortages across the East Cost.
Meat supplier JBS USA paid $11 million in ransom after a cyberattack that forced it to temporarily close some of its plants.
Last week, McDonald's revealed that a data breach had targeted its markets in South Korea, Taiwan and the U.S.