Princess Cruises and Holland America Line have quietly revealed that in May 2019 they identified a number of ‘deceptive emails’ in what looks like a phishing scam. Princess and HAL said they ‘took swift action’ to shut down the hack to stop further unauthorized access.

The emails were sent between April 11 and June 23, 2019.

They did not disclose why they took this long to disclose the breach to the public.

In a statement the two Carnival cruise brands said, “The investigation revealed unauthorized third-part access to certain e-mail accounts containing employee and guest personal information, including names, Social Security numbers, government identification number, such as passport numbers, national identity card numbers, credit card, and financial account information, and health-related information.”

“We sincerely regret this occurred and for any concern that this may have caused.”

They maintain however, that there is ‘currently no indication of any misuse’ of personal or financial information.

Nonetheless guests are being advised to monitor account statements and credit history for any unauthorized account activity.

Law enforcement agencies were notified and they are reviewing security and privacy policies. The cruise lines said changes will be made where appropriate to strengthen information security.