Carnival Cruises: Data Breach Exposed Information of Almost Six Million Customers

Carnival Corporation Data Breach Affects Millions

Carnival Corporation has reported a data breach that occurred in April, impacting the personal information of about 6 million customers.

The cruise line acted quickly to prevent further unauthorized access and sought help from security experts and law enforcement after vulnerable employees were manipulated into accessing parts of the company’s IT systems, as noted by various sources.

According to a data breach notification submitted to the Maine Attorney General’s Office, the breach affected the personal details of 5,995,277 individuals.

The company stated:

“In April, we detected unauthorized access to a limited section of our IT systems caused by a social engineering attack targeting a single user account. We promptly halted the activity, engaged third-party security professionals, and informed law enforcement. Our investigation determined that certain personal information was accessed illegally. We have reached out to those affected and sincerely regret the worry this may have caused. Safeguarding your personal data is crucial for us, and we have implemented enhanced security measures on top of our existing protections. We remain committed to adapting our defenses against emerging threats.”

The compromised information may include names, addresses, email addresses, phone numbers, birth dates, driver’s license numbers, and passport numbers.

Carnival is currently offering two years of complimentary credit monitoring through TransUnion to certain U.S. customers.

The company has also advised affected individuals to stay alert, regularly check their account statements and credit history for any fraudulent activity, and reach out to local law enforcement if there’s suspicion of identity theft or fraud.

Recently, Carnival made headlines for canceling numerous reservations due to an IT issue that led to the erroneous display of very low prices on its website.

In 2025, a massive data breach was uncovered, reportedly exposing 16 billion login credentials, raising significant concerns about cybersecurity. This incident is alarming—the vast number of compromised credentials could facilitate account takeovers, personal information theft, and targeted phishing efforts. Specifically, the exposure of an Apple account raised red flags, as it could lead to access to a wide array of sensitive services, including iCloud and Apple Pay. Other compromised credentials reportedly include those from Google, Facebook, Instagram, Amazon, and several other popular platforms.