Carnival Corporation is warning millions of customers, including New Zealanders, that personal information such as names, addresses, contacts and passport numbers has been leaked in a major data breach.
In a public notice shared earlier this week, the global cruise operator said it had begun informing individuals whose data was accessed during a recent cyber security incident.
The Miami-based company said it had identified a “social engineering” attack targeting an individual employee on April 14.
Despite Carnival swiftly blocking the activity and alerting law enforcement, an investigation found customers’ personal data, including sensitive information such as IDs, had been accessed.
Carnival said it was offering its US-based customers two years of free credit monitoring with TransUnion, and recommends affected customers carefully monitor their accounts and credit histories.
ShinyHunters, a cyber crime group involved in several high-profile data breaches in recent years, has reportedly claimed responsibility for the hack.
Carnival Corporation has begun warning millions of affected cruise customers about the April 14 breach. Photo / Jonathan Leonardo
According to a data breach notice filed by Carnival with the Maine Attorney General’s office, it is believed 5,995,277 customer records were accessed by the group.
One affected Kiwi, who asked not to be named, told the Herald they received an email from Carnival on Saturday morning disclosing that their personal information had been accessed and copied by a “bad actor”.
“The company has been conducting a thorough and time‑consuming analysis of the impacted files to determine what personal information they contained and to whom that information belongs,“ the email said.
“We have determined that your full name, address, email address, phone number, and passport number were obtained.”
Urging them to be vigilant “against threats of identity theft or fraud”, Carnival recommended the customer monitor accounts for unauthorised transactions or activity, and contact police if fraud or identity theft is suspected to have occurred.
ShinyHunters recently infiltrated the digital learning management service Canvas, temporarily blocking New Zealand students from accessing the system amid their assessments.
University of Auckland, Victoria University of Wellington and Auckland University of Technology are among the tertiary providers whose students use Canvas to complete tasks such as submitting assignments, tracking grades and accessing course materials.
Take your Radio, Podcasts and Music with you
Get the iHeart App
Get more of the radio, music and podcasts you love with the FREE iHeart app. Scan the QR code to download now.
Download from the app stores
Stream unlimited music, thousands of radio stations and podcasts all in one app. iHeart is easy to use and all FREE
