Top 5 things you need to know about the Carnival Corporation Data Breach
* **Classic Double Whammy:** The breach exposed both personal and financial data, with hackers stealing passport numbers, driver’s licenses, and linked credit card details from millions of loyalty program members.
* **Silent for Months:** The company did not publicly notify affected customers for over three months, a delay that regulators are now investigating for potential violations of GDPR and U.S. notification laws.
* **Giant Scope:** Over 130,000 current and former employees were also compromised, making this one of the largest internal data spills in travel history, not just a customer incident.
* **Ransomware Twist:** Hackers from a known ransomware group not only stole the data but also encrypted internal servers, temporarily grounding online booking and embarkation systems for 48 hours.
* **Free Credit Monitoring?** Carnival has offered two years of free credit monitoring, but victims are already reporting fraudulent charges and spam calls, forcing many to freeze their credit entirely.