Princess Cruises Ltd. and Holland America Line Inc. on March 2 disclosed cybersecurity breaches that may have compromised the personal information of some employees and guests.
The incidents at the Carnival Corporation & PLC-owned passenger cruise lines happened in May 2019.
Princess Cruises and Holland America said they found a series of deceptive emails sent to employees last year that made it possible to access some employee email accounts, potentially exposing personal information such as names, social security numbers, passport details and credit card information of some employees and guests.
Both said they "acted quickly" to stop the attack and prevent further unauthorized access. They also said they hired a cybersecurity firm to investigate the matter.
There is no indication that the information has been misused, the companies said.
In New York trading on March 3, Carnival's stock fell as much as 5.75% before paring losses to close down 3.72% to $31.83.