Princess Cruises and Holland America Line have quietly revealed they were hacked last year.
In May 2019 the Carnival Corp brands identified a number of ‘deceptive emails’ in what looks like a classic phishing scam.
The emails were sent between April 11 and June 23, 2019.
Princess and HAL jointly say they ‘took swift action’ to shut down the hack to stop further unauthorized access.
They haven’t said why they didn’t take similar swift action and waited nearly 10 months to publically disclose the breach.
It seems hackers got access to a treasure trove of guest personal information.
"The investigation revealed unauthorized third-part access to certain e-mail accounts containing employee and guest personal information, including names, Social Security numbers, government identification number, such as passport numbers, national identity card numbers, credit card, and financial account information, and health-related information," a statement said.
"We sincerely regret this occurred and for any concern that this may have caused."
Despite this, it says there is ‘currently no indication of any misuse’ of personal or financial information.
Still, guests are being advised to monitor account statements and credit history for any unauthorized account activity.
Law enforcement agencies were notified and they are reviewing security and privacy policies.
Changes will be made where appropriate to strengthen information security, the companies said.
















