If you’ve ever cruised on a Carnival ship, your personal information might have been exposed in a recent hack.

The accessed data included personal information from customers, such as their name, address, email address, phone number, date of birth, and ID information (e.g., passport or driver’s license number).

According to a notice published by the company on May 27, Carnival’s IT department first became aware of unidentified access to a “limited portion” of the company’s IT system on April 14. The data is said to have been accessed through an act of social engineering, a form of cyberattack in which bad actors manipulate an individual into granting access to systems or information.