Carnival Cruise Line’s parent company is dealing with a new crisis—this time involving customer data rather than onboard incidents. Carnival Corporation disclosed a cybersecurity breach that exposed personal information belonging to millions of individuals after a company employee’s account was compromised through a social engineering attack.
According to Reuters, the unauthorized access was discovered in April and involved a bad actor deceiving an employee into granting access to sensitive information. Carnival said it moved quickly to stop the intrusion once it was identified and launched an investigation with assistance from external cybersecurity specialists.
The company confirmed that information exposed during the breach included personal details such as names, addresses, and government-issued identification numbers. While Carnival has not publicly detailed exactly how many people were affected in its latest statement, reports indicate the incident could impact as many as 10 million consumers across the company’s brands.
In a statement, Carnival said it has begun notifying affected individuals and is offering U.S.-based customers two years of complimentary credit monitoring through TransUnion. The company also urged customers to monitor their financial accounts, review credit reports, and remain alert for signs of identity theft or fraud.
Carnival added that it has strengthened internal security controls and plans to continue enhancing its cybersecurity defenses following the incident.
The breach marks another cybersecurity challenge for the cruise giant. In 2021, Carnival disclosed unauthorized access to parts of its computer systems that affected personal information associated with several brands in its portfolio, including Carnival Cruise Line, Holland America Line, Princess Cruises, and certain medical operations.
The disclosure arrives during a period when Carnival Cruise Line has already been managing an unusually heavy stream of legal and operational issues. In recent months, the company has faced multiple lawsuits, including claims tied to a passenger who allegedly suffered severe burns from a hot deck aboard the Carnival Magic, an Alabama woman who sued after a mobility scooter accident on the Carnival Valor, and a former college student who lost both legs during a Bahamas excursion marketed through the cruise line.
Beyond the courtroom, Carnival has also made headlines for passenger fatalities, onboard altercations that resulted in federal assault citations, and a pricing glitch that briefly allowed customers to book cruises at dramatically reduced rates before reservations were canceled.
