If you’ve ever been on a cruise, there’s a good chance your personal information was just exposed in a major data breach. Carnival Corporation—the largest cruise line operator in the world—is alerting consumers of a recent hack affecting 6 million people. The incident has been claimed by the ShinyHunters hacking group, which has targeted hundreds of companies in recent years, including Canvas and TransUnion.
Carnival Corporation operates a fleet of more than 90 ships across nine cruise lines: Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and Seabourn. Approximately 13.5 million people traveled with Carnival in 2025.
What happened with the Carnival Cruise data breach?
According to a data breach notice filed with the Maine attorney general, Carnival Corporation discovered “unauthorized activity” on its network on April 14. Threat actors used social engineering to gain access via an employee’s account and copy personal information. The stolen data appear to include names, dates, of birth, email addresses, genders, geographic locations, and loyalty program information. The breach itself occurred on April 10, and the company confirmed that personal information had been exposed on April 22.
As BleepingComputer reports, Carnival has disclosed numerous other cyber incidents in recent years that compromised the personal information of customers, employees, and crew members.
What to do if your data was stolen
Carnival began notifying those affected by the breach on May 27, so you should be on the lookout for a letter about the incident. The company is offering a free 24-month membership to credit monitoring through TransUnion’s My TrueIdentity service. Enrollment instructions, including an activation code, are included in the notice. Eligible consumers will need to complete the sign-up process by Aug. 31.
Whether you receive a data breach notice or not, know that information compromised in a hack can be used in targeted phishing attacks. Be wary of any communication that is about or appears to be from Carnival or any of its cruise line brands, especially if you’re asked to confirm or hand over any personal details. You should also take recommended steps to protect against identity theft, including freezing your credit and monitoring your accounts for suspicious activity.
