Carnival Corporation, the world's leading cruise line operator, has recently informed its customers about a significant data security incident affecting the personal information of approximately 6 million individuals. The breach was attributed to the ShinyHunters hacking group, known for targeting various organizations in recent years.
Operating a diverse fleet of over 90 ships across nine cruise lines--including Carnival Cruise Line, Costa, and Princess Cruises--Carnival welcomed around 13.5 million travelers in 2025 alone.
Details of the Data Breach
According to a notice submitted to the Maine attorney general, Carnival Corporation detected "unauthorized activity" within its network on April 14. Cybercriminals employed social engineering tactics to infiltrate an employee's account, facilitating the theft of sensitive information. The compromised data reportedly includes names, birth dates, email addresses, genders, geographic locations, and details from loyalty programs. The breach was confirmed to have occurred on April 10, with the exposure of personal information acknowledged by the company on April 22.
In recent years, Carnival has faced several cybersecurity incidents that have raised concerns about the safeguarding of customer, employee, and crew member information.
Steps for Affected Individuals
Starting May 27, Carnival began reaching out to those impacted by the breach. Affected individuals should be vigilant for correspondence regarding the incident. To assist, the company is offering a complimentary 24-month membership to TransUnion's My TrueIdentity credit monitoring service, with enrollment instructions provided in the notification. Consumers must complete the sign-up by August 31.
Regardless of whether you receive a notification, it is crucial to remain cautious about potential phishing attempts that may arise from the compromised data. Be alert for any communication claiming to be from Carnival or its affiliated brands, especially requests for personal information. Additionally, consider implementing protective measures against identity theft, such as freezing your credit and regularly monitoring your accounts for unusual activity.