Cruise lines hit by cyberattacks

worried father
Share on facebook
Share on twitter
Share on linkedin

A leading cruise operator has fallen victim to a major cyber-hack.

This attack leaves holidaymakers and employees vulnerable to financial and identity fraud. The Carnival Corporation is the world’s largest travel leisure business. It hosts almost 13 million passengers each year. 

The company operates several different brands that might have been affected in the cruise line data breach.

The company’s cruise lines include:

  • Carnival Cruise Line
  • Princess Cruises
  • Costa Cruises
  • AIDA Cruises
  • Holland America Line
  • P&O Cruises
  • P&O Cruises Australia
  • Cunard Line
  • Seabourn Cruise Line

What happened in the cruise line data breach?


On 15th August 2020, the Carnival Corporation suffered a ransomware attack which compromised the personal data of both passengers and crew. We don’t yet know how many customers are compromised, or which brands have been targeted. But it is likely that a massive amount of data is now at risk.

The company has not yet specified what information was exposed. So, the stolen data might include anything from email addresses to passport or credit card information.

What is ransomware?


A ransomware attack happens when criminals infect an organisation’s systems and prevent or limit access unless a ransom is paid. Ransom may also be requested to stop the criminals releasing sensitive data into the public domain.

Finding out that your personal data has been held hostage in a ransomware violation can be extremely distressing. Especially where you trusted an organisation to look after it.

To make matters worse, if this information is eventually breached, it may be used to commit further crimes against you. So it’s no wonder that people commonly suffer emotional anguish, anxiety and stress after a ransomware data hack.


What happens now?


An investigation is taking place to determine how the attack took place. If the company did not look after customer and employee data properly (as it is legally required to do), we may launch a group action claim against the Carnival Corporation.

There are certainly concerns about the cruise operator’s data security measures. Not least because Carnival Corp. suffered another data breach earlier this year. On that occasion, employee email accounts were hacked, and sensitive information exposed.

Stay safe following the cruise line data breach


If you are a passenger or employee worried about the Carnival Corporation data breach, you should:

Protect your finances
  • Contact your bank or credit card provider immediately if your financial data has been exposed
  • Check all bills and emails for goods or services you have not ordered
  • Check your bank account for unfamiliar transactions
  • Alert your bank or credit card provider immediately if there is any suspicious activity
  • Monitor your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank)
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
Be vigilant
  • Never automatically click on any suspicious links or downloads in emails or texts
  • Don’t assume an email or phone call is authentic just because someone has your details
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details
  • Know that, even if you recognise a name or number, it might not be genuine
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction
  • Listen to your instincts and ask questions if something feels “off”
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data
  • Don’t accept friend requests from people you don’t know on social media
  • Review your online privacy settings.
Put some data protection best practices in place:
  • Register with the Cifas protective registration service to slow down credit applications made in your name
  • Change your passwords regularly and use a different password for every account (a password manager can help with this)
  • Protect your devices with up to date internet security software.

Make a data breach compensation claim with Keller Lenkner UK’s expert data breach lawyers


You might be eligible for ransomware compensation if an organisation has failed to protect your personal data.

To ensure your data breach claim is successful, you must get professional legal representation. But choosing a solicitor can be daunting. Not least because – should you get it wrong – your decision could prove to be a costly mistake.

For the best chance of winning, contact the Keller Lenkner UK data breach team. Specialists in data breach law, we understand what it takes to make a successful data breach claim, regardless of the type of organisation involved.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the cruise line data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin