Princess Cruises, the cruise liner forced to halt its global operations after two of its ships confirmed on-board outbreaks of the coronavirus, has now confirmed a data breach.
The notice posted on its website, believed to have been posted in early March, said the company detected unauthorized access to a number of its email accounts over a four-month period between April and July 2019, some of which contained personal information on its employees, crew and guests.
Princess said names, addresses, Social Security numbers and government IDs — such as passport numbers and driver license numbers — may have been accessed, along with financial and health information.
But, the cruise liner said, the potentially impacted data is “not specific” to each guest.
Hackers are jumping on the COVID-19 pandemic to spread malware
Princess said it discovered the suspicious activity on its network in May 2019. It’s not known why it took almost a year for the cruise liner to disclose the breach.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
A company spokesperson did not immediately respond to a request for comment.
Carnival, which owns the Princess brand, saw its shares tank by more than 30% this week after the cruise liner said it would suspend its fleet of 18 ships following the declaration of the COVID-19 pandemic. The company was at the center of two separate incidents involving its ships carrying dozens of patients infected with the coronavirus strain in Japan and more recently California.
The cruise liner did not say under which jurisdictions it reported the breach. Companies can be fined up to 4% of their annual turnover for violations of European data protection rules.
