‘Princess Cruises’ Announces Data Breach That Happened Last Year

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

‘Princess Cruises’, the Bermuda-based line that has a fleet of 18 cruise ships, has announced a data breach incident that apparently happened last year. The notice on its website is believed to have been posted in early March. More specifically, in May 2019, the company detected suspicious activity on their network, and immediately contracted a cybersecurity forensic firm to help them figure out what happened. The subsequent investigation revealed that someone had managed to establish their presence in the cruise line’s systems between April 11 and July 23, 2019. The information that was accessed and potentially stolen concerns employees, crew, and even guests.

The type of data that has been compromised includes the following: name, address, Social Security number, government identification number, passport number or driver's license number, credit card and financial account information, and also health-related information. This is very sensitive information, but Princess Cruises says that the above doesn’t apply to all entries. Each compromised individual has a different exposure profile. Still, the company hasn't clarified how many lost their credit card number details, for example, or even how many people have been exposed in this incident.

Their advice to the compromised members of the crew and the guests is to be careful when receiving unsolicited emails or SMS messages, to monitor bank account activity, and report anything suspicious to the police and the card issuer. The most common risks for these people now are phishing attacks and identity theft attempts. If you have traveled with Princess Cruises in the past, you may call them at +1 (833) 719-0091 (toll-free U.S.) or +1 (936) 215-6456 (for international callers) and discuss the matter further.

So, why did ‘Princess Cruises’ decide to disclose the incident almost ten months after they realized the data breach? Officially, the company claims that it just came to the position to provide reliable information, as its investigation is still ongoing. However, the fact that the COVID-19 hit two of its ships and that it just decided to halt global operations for the next two months may have played a role here. The whole world is dealing with a situation, and the spotlight is firmly fixed elsewhere. Announcing a data breach and getting over with it now would be all too convenient. Carnival Corporation, which is the owner of Princess Cruises, saw its share price drop by 30% this week, so they are already sailing on turbulent waters already. This means there's little, if anything, that can make their situation worse.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: