Carnival Corporation, the world's largest cruise operator, is offering two years of complimentary credit monitoring to nearly six million U.S. customers following a data breach that occurred in April. The breach compromised the personal information of 5,995,277 individuals after a hacker used social engineering techniques to deceive an employee and gain access to a limited portion of the company's IT systems.
What Data Was Exposed?
The compromised data includes names, addresses, email addresses, phone numbers, birth dates, and government-issued identification numbers such as driver's license and passport numbers. The specific information varied by individual, but the breadth of the exposure has raised significant privacy concerns among affected customers.
Notification Timeline Criticised
Carnival began sending individual email notifications on May 27, a timeline that has drawn criticism from some customers on online forums due to the perceived delay in communication. Many affected individuals expressed frustration that they were not informed sooner, given that the breach occurred over a month earlier.
ShinyHunters Claims Responsibility
While Carnival has not publicly verified the identity of the attackers, Security Week reported that the extortion collective ShinyHunters has claimed responsibility for the cyberattack. The group is known for targeting large corporations and selling stolen data on dark web forums.
What Customers Should Do
Carnival is advising affected customers to take advantage of the free credit monitoring service and to remain vigilant for any suspicious activity. The company has also recommended that customers review their account statements regularly and consider placing a fraud alert on their credit files.
This incident underscores the growing threat of social engineering attacks, which exploit human error rather than technical vulnerabilities. As cybercriminals become increasingly sophisticated, companies across all sectors must invest in employee training and robust security protocols to protect sensitive customer data.
