Carnival Corporation, the leading cruise company globally, is offering two years of complimentary credit monitoring to some U.S. travelers following a data breach. This breach revealed personal information of nearly 6 million customers. The company noted in a statement that it discovered unauthorized access in April, due to a social engineering attack on a user account. They promptly halted the activity, engaged third-party security professionals, and notified law enforcement.

A statement on their website detailed an investigation showing that an unauthorized actor accessed personal data by deceiving an employee. The Maine Attorney General’s office received a data breach notice from Carnival, stating that 5,995,277 individuals had their personal information compromised.

Carnival’s 2025 annual report highlights that they served approximately 13.5 million guests and operate a fleet of 90 ships. Their diverse portfolio includes well-known cruise lines such as AIDA, Costa, Cunard, Holland America, P&O, and Princess. According to the company, the breach impacted nearly 6 million customers, potentially compromising their personal information.

The ongoing investigation aims to ascertain which specific details were compromised. Thus far, they identified that names, email addresses, phone numbers, dates of birth, and driver’s license and passport numbers were accessed. Notification letters have been dispatched to those affected.

In a note to people who could not be directly contacted, Carnival addressed the delay in informing affected customers. The FAQ section responded to, ‘Why am I just finding out about this?’ by explaining the complexity and time involved in such investigations. It emphasized the thorough investigation and communication with impacted parties.

The breach has drawn reactions on online forums like Reddit, with some users expressing frustration. Concerns were raised about potential ransom payments to hackers who reportedly published customer data on the dark web. However, Carnival has not confirmed these allegations.

Some customers suggested compensation or future cruise vouchers, while the company maintains their focus on upgrading security measures. They offer two years of complimentary credit monitoring through TransUnion to affected U.S. customers.

Along with credit monitoring, Carnival advises customers to keep a close watch on their accounts and credit histories. They should contact local authorities if they suspect any fraudulent activities. Carnival continues to bolster their cybersecurity defenses to protect against evolving threats.