Princess Cruises, the cruise liner forced to halt its global operations after two of its ships confirmed on-board outbreaks of coronavirus, has now confirmed a data breach.
The notice posted on its website, believed to have been posted in early March, said the company detected unauthorized access to a number of its email accounts over a four month period between April and July 2019, some of which contained personal information on its employees, crew, and guests.
Princess said names, addresses, Social Security numbers, and government IDs — such as passport numbers and driver’s license numbers — may have been accessed, along with financial and health information.
But, the cruise liner said, that the potentially impacted data is “not specific” to each guest.
Princess said it discovered the suspicious activity on its network in May 2019. It’s not known why it took almost a year for the cruise liner to disclose the breach.
A company spokesperson did not immediately respond to a request for comment.
Carnival, which owns the Princess brand, saw its shares tank by more than 30% this week after the cruise liner said it would suspend its fleet of 18 ships following the declaration of the COVID-19 pandemic. The company was at the center of two separate incidents involving its ships carrying dozens of patients infected with the coronavirus strain in Japan and more recently California.
The cruise liner did not say under which jurisdictions it reported the breach. Companies can be fined up to 4% of their annual turnover for violations of European data protection rules.