Carnival Corporation said the personal information of nearly six million customers was leaked due to a data breach in April.
When an unauthorized actor deceived an employee to access part of the corporation’s IT system, the cruise company said it immediately took action to block it and contacted third-party security experts and police, Fox News reported Saturday.
“The company’s data breach notice filed with the Maine Attorney General’s office said the hack affected 5,995,277 people’s personal information,” the outlet continued.
Per KHOU, the company said:
In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account. We immediately blocked the activity, engaged third-party security experts and alerted law enforcement. Our investigation found certain personal information was illegally accessed. We’re notifying affected individuals and deeply regret any concern this causes. Protecting the privacy and security of personal data is a priority for us and we’ve added new layers of security and monitoring on top of the comprehensive protections already in place. We’ll also continue advancing our defenses against evolving threats.
The breach may have involved names, addresses, emails, phone numbers, birth dates, driver’s license numbers, and passport numbers.
Now, Carnival is offering some U.S. customers two years of complimentary credit monitoring via TransUnion.
“The company is also urging affected individuals to stay vigilant, monitor their account statements and credit histories for signs of unauthorized activity, and contact local police if they suspect they have become victims of identity theft or fraud,” the KHOU article stated.
Carnival was also in the news recently for canceling a batch of reservations following an IT issue on its website that showed dirt cheap prices, Breitbart News reported May 23.
In 2025, security researchers uncovered what was possibly the biggest data breach in history comprising the exposure of 16 billion login credentials.
“The implications of this breach are far-reaching and deeply concerning. With access to such a vast number of login credentials, cybercriminals can easily carry out account takeovers, steal identities, and launch highly targeted phishing campaigns,” the Breitbart News article said. “Apple accounts, which are among the exposed credentials, are particularly worrisome, as they can be used to access a wide range of sensitive information and services, including iCloud, Apple Pay, and the App Store. Other logins reportedly included in the massive datasets include Google, Facebook, Instagram, Amazon, and many other popular web services.”