The accounts included the personal data of those who had traveled and worked on board the Princess and Holland America ships, exposing various data, such as:
- Social Security numbers;
- Government identification information, such as passport numbers and driver’s license numbers;
- Credit cards and financial account information;
- Health-related information.
Carnival did not reveal how many passengers and employees were affected. However, it filed a data security notice with the California Attorney General, indicating that at least 500 California residents were involved in the case, as this is the minimum number of people needed to trigger a mandatory filing.
Commenting on the news, Jim Van Dyke, co-founder and CEO of Breach Clarity, said that this is a nasty breach. Breach Clarity rated both the Princess and Holland America breaches a ‘seven’ risk level out of ten.