Carnival Cruise Company Suffered a Massive Data Breach.
If you’ve ever been on a cruise, there’s a good chance your personal data has been exposed in a major data breach. Carnival Corporation, the world’s largest cruise line operator, is warning consumers about a recent hack that affected 6 million people. The hacker group ShinyHunters, which has attacked hundreds of companies in recent years, including Canvas and TransUnion , has claimed responsibility for the incident.
Carnival Corporation operates a fleet of more than 90 ships across nine cruise lines: Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and Seabourn. Approximately 13.5 million people will have cruised with Carnival in 2025.
What happened as a result of the Carnival Cruise data breach?
According to a data breach notification filed with the Maine Attorney General’s Office, Carnival Corporation detected “unauthorized activity” on its network on April 14. Attackers used social engineering techniques to gain access through an employee’s account and copy personal information. The stolen data apparently includes names, dates of birth, email addresses, genders, geographic locations, and loyalty program information. The breach itself occurred on April 10, and the company confirmed the personal information breach on April 22.
As BleepingComputer reports , Carnival has reported numerous other cyber incidents in recent years that have compromised the personal information of customers, employees, and crew members.
What to do if your data has been stolen?
Carnival began notifying those affected by the data breach on May 27, so stay tuned for emails regarding the incident. The company is offering a free 24-month subscription to its credit monitoring service, My TrueIdentity, from TransUnion. Registration instructions, including an activation code, are included in the notification. Eligible customers must complete the registration process by August 31.
Whether or not you’ve received a data breach notification, remember that information compromised in a hack could be used in targeted phishing attacks. Be wary of any messages that refer to or appear to originate from Carnival or any of its cruise lines, especially if you’re asked to confirm or provide any personal information. You should also take recommended steps to protect against identity theft , including blocking your credit card and monitoring your accounts for suspicious activity.