Carnival Data Breach Impacts 5.9 Million Individuals

Carnival Corporation, the world's largest cruise company, has disclosed a data breach affecting 5,995,277 individuals in the United States, including 9,746 Maine residents. The company, headquartered in Doral, Florida, is the parent of major cruise brands including Carnival Cruise Line, Princess Cruises, Holland America Line, Cunard and Costa Cruises.

According to the company's notification to consumers, an unauthorized actor used social engineering to deceive an employee and gain access to a limited portion of the company's IT system.

Upon identifying the unauthorized activity, the company's IT security team blocked the unauthorized access and began working with third-party security experts to strengthen its security and conduct a thorough investigation.

On April 22, 2026, the company determined that the unauthorized actor had illegally copied personal information from the company's systems. The specific types of personal information exposed vary by individual, with each affected person's notification letter listing the particular data types involved in their case.

The specific categories of information compromised as a result of the breach remain undisclosed to the public at this time but may include names, Social Security numbers, financial account information and other sensitive personal information.

Carnival began notifying affected consumers electronically beginning on May 27, 2026.

Carnival's response to the breach

Carnival is offering all affected individuals a complimentary 24-month membership to TransUnion's credit monitoring service. The service includes single bureau credit monitoring, a single bureau credit report, a single bureau credit score and proactive fraud assistance.

To enroll, affected adults can visit mytrueidentity.com and enter the unique activation code included in their notification letter. Enrollment requires an internet connection and an email account. Affected individuals must enroll by Aug. 31, 2026.

The company has also established a dedicated call center to answer questions about the breach and the credit monitoring services being offered. Affected individuals can reach the call center at 1-844-593-8310, available from 8 a.m. to 8 p.m. ET, Monday through Friday, excluding major U.S. holidays.