Data leak
Norwegian Cruise Line Holdings Data Breach - Employee Phishing Attack
Incident Details
Norwegian Cruise Line Holdings (NCLH), parent company of Norwegian Cruise Line, Regent Seven Seas Cruises, and Oceania Cruises, disclosed in July 2020 that it had suffered a data breach resulting from a phishing attack that targeted company employees in March 2020. The incident occurred at the same time the cruise industry was forced to suspend all operations due to the COVID-19 pandemic. Unauthorized access to employee email accounts resulted in potential exposure of personal data, including names, Social Security numbers, dates of birth, passport information, health-related information, and financial account information, belonging to employees, travel agency partners, and some customers. The scope varied by individual: not all exposed individuals had all data types compromised. NCLH notified affected individuals directly and offered credit monitoring services. The company was dealing with the catastrophic operational shutdown of all three cruise brands due to COVID-19 at the same time, making this one of several crises management had to navigate in 2020.
Technical Details
- Initial Attack Vector: Phishing. Employees of Norwegian Cruise Line Holdings were targeted with phishing emails that resulted in unauthorized access to employee email accounts; the attackers then accessed personal data of employees, travel agents, and some customers stored in those accounts.
Timeline
- 2020-03-01 Breach occurred
- 2020-07-27 Publicly disclosed
- 2020-07-27 Customers notified