Carnival Corporation, the world’s largest cruise ship operator, has reported a potential data breach.
The incident occurred in mid-2019 and seems to have begun with a compromised employee email account. It's thought personally identifiable information could have been stolen.
Writing to its customers, as well as the Office of the California Attorney General, the company said:
"In late May 2019, we identified suspicious activity on our network. Upon identifying this potential security issue, we engaged cybersecurity forensic experts and initiated an investigation to determine what happened, what data was affected, and who was impacted."
"It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorised access to some employee email accounts that contained personal information regarding our guests," it added.
The company said hackers could have accessed a range of information, including names, addresses, Social Security numbers, and official forms of identification.
It's also possible attackers obtained payment details and information relating to customer health.
According to Bleeping Computer, Carnival has not yet found evidence the exposed information has been misused, but informed law enforcement agencies regardless.
“We take privacy and security of personal information very seriously, and we are offering affected individuals free credit monitoring and identity theft detection services ,” the company added.