Cruise line operator Carnival Corporation is notifying approximately 6 million individuals that their personal information was stolen in a recent data breach.
Carnival said the incident was identified on April 14, after hackers gained access to an employee’s account via social engineering.
Using the compromised account, the attackers accessed certain company systems and exfiltrated files containing personal information.
“The company has been conducting a thorough and time-consuming analysis of the impacted files to determine what personal information they contained and to whom that information belongs,” an incident notice on Carnival’s website reads.
According to the company, the potentially impacted information varies by individual, but generally includes names, addresses, dates of birth, email addresses, phone numbers, and government-issued ID numbers.
