Data Breach – Carnival’s Princess Cruises and Holland America Line

Date07 Mar 2020

Comment0

CategoriesConsumer Protection, Employment & Technology Archive

Compromise of Personal Information of Cruise Passengers – Unauthorized Access to Carnival Corporation’s Princess Cruises and Holland America Line Employee E-Mail Accounts

Kehoe Law Firm, P.C. is making consumers aware that Princess Cruises posted a “Notice of Potential Data Breach” on its website regarding the identification of suspicious activity on Princess Cruises’ network. Princess Cruises’ data breach notification was posted to make customers “aware of a privacy-related occurrence at Princess Cruises” and stated the following:

What Happened?

In late May 2019, [Princess Cruises] identified suspicious activity on our network. Upon identifying this potential security issue, we engaged cybersecurity forensic experts and initiated an investigation to determine what happened, what data was affected, and who was impacted. It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding [Princess Cruises’] employees, crew, and guests.

What Information Was Involved?

The types of data potentially impacted varies by individual but can include: name, address, Social Security number, government identification number, such as passport number or driver’s license number, credit card and financial account information, and health-related information. This list is not specific to each guest. [Princess Cruises does] not have any evidence of misuse of the personal information affecting any individual. [Emphasis added.]

Scmagazine.com reported (“Choppy waters: Data breach impacts Princess and Holland America cruise lines“) that “[a] press release regarding the incident says that the perpetrator managed to access the email accounts via deceptive phishing emails.”

Consumers should also be aware that Holland America Line posted a similar “Notice of Potential Data Breach” on its website regarding “a privacy event at Holland America Line.”

Holland America Line disclosed that an “unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding [Holland America Line’s] employees, crew, and guests,” as well as the fact that “[t]he types of data potentially impacted varies by individual but can include: name, address, Social Security number, government identification number, such as passport number or driver’s license number, credit card and financial account information, and health-related information.” [Emphasis added.]

Scmagazine.com reported (“Choppy waters: Data breach impacts Princess and Holland America cruise lines“) that “[t]he personal information of cruise passengers, crew and employees were compromised last year after an unauthorized party gained access to the email accounts of employees working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc.” [Emphasis added.]

Carnival Corporation & plc “Notice of Potential Data Breach” Submitted to California Attorney General

Kehoe Law Firm, P.C. recently made consumers aware (“Carnival Cruise Ship Operator Discloses Potential Data Breach“) that according to a “Notice of Potential Data Breach” submitted by Carnival Corporation & plc (“Carnival Corporation”) to the California Attorney General, Carnival Corporation, “[i]n late May 2019 . . . identified suspicious activity on [its] network.” Carnival Corporation stated that “[i]t now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding [Carnival Corporation’s] guests.”

Carnival Corporation’s “Notice of Potential Data Breach” stated that “[t]he types of data potentially impacted varies by guest but can include: name, address, Social Security number, government identification number, such as passport number or driver’s license number, credit card and financial account information, and health-related information.” [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.