NEWYou can now listen to Fox News articles!
Carnival Corporation, the world’s largest cruise company, announced it is offering some U.S. travelers two years of free credit monitoring after a data breach leaked the personal information of nearly 6 million customers.
“In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account,” Carnival Corporation said in a statement to Fox News Digital. “We immediately blocked the activity, engaged third-party security experts and alerted law enforcement.”
In a news release published on its website, Carnival said its investigation found that certain personal information was illegally accessed by an unauthorized actor who deceived an employee to gain access to its system.
MAJOR CRUISE COMPANY CANCELS ROCK-BOTTOM FARES AFTER MASSIVE WEBSITE PRICING GLITCH
According to the company’s data breach notice filed with the Maine Attorney General’s office, the hack affected 5,995,277 people’s personal information.
The company’s 2025 annual report said it served approximately 13.5 million guests in 2025 on its fleet of 90 ships. In addition to Carnival Cruise Line, the company’s portfolio includes the AIDA, Costa, Cunard, Holland America, P&O and Princess cruise lines.
Carnival said it is conducting “a thorough and time-consuming analysis” to determine what specific personal information was compromised.
The company said that so far, it has determined that names, email addresses, phone numbers, dates of birth and driver’s license and passport numbers were included in the impacted data.
Carnival announced it sent notification letters to people affected by the cybersecurity incident.
CLICK HERE FOR MORE LIFESTYLE STORIES
“We’re notifying affected individuals and deeply regret any concern this causes,” Carnival told Fox News Digital.
“Protecting the privacy and security of personal data is a priority for us and we’ve added new layers of security and monitoring on top of the comprehensive protections already in place,” the company added. “We’ll also continue advancing our defenses against evolving threats.”
In an online notice Carnival said was intended for people they weren’t able to send notification letters to, the company addressed concerns about the length of time that passed before affected customers were notified of the breach.
The company included “Why am I just finding out about this?” in the notice’s FAQ.
“We understand this process can feel slow, and we appreciate your patience,” Carnival answered. “Complex incidents like this take time and careful investigation to understand what information was affected and who it belongs to, and then to ensure notifications are handled accurately. After identifying and stopping the incident, our focus shifted immediately to investigating it fully and communicating with all impacted parties as soon as we could.”
Some frustrated customers reacted to the notice on Reddit’s r/CarnivalCruiseFans forum.
“At this point our data has been out for quite some time,” wrote one commentator.
Others said they would prefer to be paid for their troubles or offered a voucher for a future cruise.
TEST YOURSELF WITH OUR LATEST LIFESTYLE QUIZ
Another Redditor referenced a report that Carnival allegedly refused to pay a ransom to the hackers and now customers’ information is “published on the dark web.”
This report has not been substantiated by Carnival, and the company has not publicly disclosed where customers’ personal information has ended up.
According to securityweek.com, “the infamous extortion group” ShinyHunters has claimed credit for the attack. The website noted, however, that Carnival has not confirmed the claim.
“From glitches to data breaches. What’s going on Carnival?” wrote another, referencing the company’s recent cancellation of cruise reservations after an apparent website glitch briefly displayed extremely discounted fares.
Regarding the security breach, the company said it is “offering individuals in the U.S. two years of complimentary credit monitoring through its preferred third-party vendor, TransUnion.”
In addition to enrolling in credit-monitoring system, Carnival is encouraging affected customers to monitor accounts and credit histories vigilantly and contact local police if they suspect fraud or identity theft.
Read the full article here
