Carnival Cruise Line Had a Data Breach Affecting 6 Million Customers
If you've sailed with Carnival recently — or not so recently — your personal information may have been compromised.
Carnival Corporation disclosed on May 27 that its IT team discovered a cybersecurity breach on April 14 that exposed customer data including names, addresses, email addresses, phone numbers, dates of birth, and government-issued ID numbers like driver's license and passport numbers. A filing with Maine's attorney general puts the number of affected people at nearly 6 million.
The company started notifying affected customers by email on May 27. If you haven't received an email but think you might be impacted, Carnival also posted a notice on its website for anyone whose contact information may be out of date.
How It Happened
This wasn't a sophisticated hack of Carnival's core systems. It was a social engineering attack — someone deceived a Carnival employee into giving them access to a limited portion of the company's IT infrastructure. One compromised account, one manipulated employee, and nearly 6 million people's personal data exposed.
Carnival said it moved quickly once the breach was detected, blocking the unauthorized activity and bringing in third-party security experts. Eight days after the initial discovery, on April 22, the company confirmed that customer data had actually been accessed.
What You Should Do
Carnival is offering two free years of credit monitoring through TransUnion to everyone affected. If you received a notification letter or email, you can enroll through the details provided. The TransUnion call center is available at 1-844-593-8310 Monday through Friday from 8 a.m. to 8 p.m. Eastern, excluding major holidays.
Even if you haven't heard from Carnival yet, it's worth taking some basic steps now. Check your bank statements and credit reports for anything unfamiliar. Be cautious of phishing emails that may use your personal information to seem legitimate — your name, address, and email being in someone's hands makes targeted scams more convincing. If your passport number was among the compromised data, that's worth flagging with the State Department as well.
Passport numbers and driver's license numbers in the wrong hands are more useful to bad actors than most people realize. They can be used in identity theft schemes that don't always show up immediately in your credit history.
Carnival said it has added new layers of security on top of its existing protections and will continue to improve its defenses. That's the standard post-breach statement every company makes. Whether it prevents the next one is a different question.
Curious for more stories that keep you informed and entertained? From the latest headlines to everyday insights, YourLifeBuzz has more to explore. Dive into what’s next.