In late May 2019, Princess Cruises identified a series of deceptive emails sent to employees resulting in unauthorised third-party access to some employee email accounts. The company acted quickly to shut down the attack and prevent further unauthorized access. It also retained a major cybersecurity firm to investigate the matter while reinforcing security and privacy protocols to further protect systems and information.
The investigation revealed unauthorised third-party access to certain email accounts containing employee and guest personal information, including names, Social Security numbers, government identification numbers, such as passport numbers, national identity card numbers, credit card and financial account information, and health-related information. The company notified law enforcement of the incident and are notifying affected individuals where possible.
While there is currently no indication of any misuse of this information, credit monitoring and identity protection services will be provided free of charge to give those affected peace of mind. The company also established a dedicated toll-free number for questions related to this incident: 1-833-719-0091 (toll-free U.S.) or 1-936-215-6456 (International).
Data privacy and protection are extremely important to Princess Cruises and the company regrets this incident. As part of its ongoing operations, the company is reviewing security & privacy policies and procedures and implementing changes when needed to enhance information security.
Statement issued by Princess Cruises: 2 March 2020