Carnival Corporation Offers Free Credit Monitoring After Data Breach
Carnival Corporation, known as the biggest cruise company in the world, recently announced that it will provide two years of free credit monitoring to certain U.S. customers following a data breach that compromised the personal information of nearly 6 million individuals.
In a statement, the company revealed that they became aware of unauthorized access to their IT systems due to a social engineering attack targeting a single user account. Immediate measures were taken to halt the breach, and they enlisted third-party security experts while notifying law enforcement.
According to a news release from Carnival, investigations showed that personal data had been unlawfully accessed by an attacker who deceived employees into accessing the company’s systems. The breach reportedly affected the data of 5,995,277 people, as indicated in a notification to the Maine Attorney General’s Office.
In its 2025 Annual Report, Carnival noted that it had approximately 13.5 million guests that year, supported by its fleet of 90 ships. Their offerings include several cruise lines, such as AIDA, Costa, Cunard, Holland America, P&O, and Princess.
Carnival is conducting an ongoing, thorough review to identify exactly what types of personal information were compromised. They have confirmed that names, email addresses, phone numbers, dates of birth, as well as driver’s license and passport numbers, were included in the affected data.
The company has issued notification letters to those whose data was impacted by the incident, expressing regret for any distress caused. They emphasized that safeguarding personal data remains a top priority and are enhancing their security measures beyond existing protections.
Additionally, Carnival is reaching out to individuals who were unable to receive notification letters initially, and they’ve addressed concerns regarding the timing of the notifications after the breach.
On platforms like Reddit, some customers have expressed frustration regarding the situation. One user noted, “Our data has been out there for a while now.” Others voiced expectations for compensation or vouchers for future cruises as a form of redress.
Moreover, a group of hackers called ShinyHunters has claimed responsibility for the breach, yet Carnival has not confirmed this assertion. As per a report, some believe that the company may have refused to pay a ransom, leading to the information being publicly available. However, Carnival has not clarified where any compromised data ended up.
In light of the breach, the company reiterated that it would offer two years of free credit monitoring through TransUnion, and customers are encouraged to actively monitor their accounts and credit history for any unusual activity.
