softshell crab exporterVietnamese mud crab exportVietnam crab exporter
Peabo Bryson dies at 75. The Grammy-winning Disney hitmaker suffered a stroke.
Share your disability story with us Turbulence test Should travelers always carry? 7 reasons to sail
CRUISES
Carnival Cruise Line

Carnival data breach hits nearly 6 million customers

Drew Pittock
USA TODAY
June 1, 2026Updated June 2, 2026, 9:35 a.m. ET

Carnival is working to contain the fallout from a data breach that compromised millions of its passengers' personal data, the company announced May 27.

According to a notice posted on its website, Carnival Corporation said its IT team discovered a cybersecurity breach on April 14, which allowed someone to access everything from customers’ names and addresses to their government-issued ID numbers.

"Carnival Corporation values the trust you place in us, and we take the privacy and security of your information very seriously," the company wrote in the notice. "We deeply regret this incident and any concern it may cause and have sent notification letters to individuals whose data was impacted."

Here’s what you should know about the data breach.

Workers secure the lines as Carnival Mardis Gras docks at Terminal 3. Cruise ships came into Port Canaveral blaring their fog horns on an extremely foggy morning.

'Social engineering' operation

Carnival said that its IT security team first discovered the cybersecurity breach on April 14.

According to Carnival, the hack was perpetrated after an individual deceived an employee and gained access to a "limited portion" of the company’s IT system, in what it described as a “social engineering” operation.

The company said that it "acted swiftly to block the unauthorized activity" and coordinated with "third-party security experts" to bolster its security systems and launch an investigation.

Eight days later, on April 22, Carnival determined that some of its customer data had been compromised.

What information was compromised?

Carnival described its analysis of the breached system as "thorough and time-consuming." The analysis, the company said, is ongoing, and the compromised data varies from person to person.

However, the company has determined that impacted data includes names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers (e.g., driver’s license numbers and passport numbers).

While Carnival has not publicly stated how many people were compromised in the breach, a filing with the attorney general’s office in Maine pegs the number at nearly 6 million.

In response to a list of questions USA TODAY sent Carnival Corporation, a spokesperson issued a statement that reiterated the information in the notice published May 27.

"In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account. We immediately blocked the activity, engaged third-party security experts and alerted law enforcement. Our investigation found certain personal information was illegally accessed," the statement read. "We're notifying affected individuals and deeply regret any concern this causes. Protecting the privacy and security of personal data is a priority for us and we've added new layers of security and monitoring on top of the comprehensive protections already in place. We’ll also continue advancing our defenses against evolving threats."

The cruise ship Carnival Venezia passes lower Manhattan on the Hudson River in New York City on Oct. 18, 2025.

What’s being done for those impacted?

Carnival said it began notifying individuals by email on May 27 if their information was compromised. It also posted a notice on its website on the same day, for those who are unreachable or have out-of-date information on file.

The company is urging people to closely monitor their bank statements and credit histories for any unauthorized activity. It is also offering those involved in the breach two free years with credit monitoring company, TransUnion.

A dedicated call center has been set up for anyone with questions about the incident, as well as the TransUnion services. The TransUnion call center is available at 1-844-593-8310 from 8 a.m. to 8 p.m. ET Monday through Friday, excluding major U.S. holidays.

“In addition to the comprehensive security measures our company had in place prior to the incident, we have taken steps to further safeguard our systems, including enhancing our security and monitoring controls,” Carnival wrote in its release. “Our company will continue to advance our IT security and data privacy controls to stay ahead of an ever-evolving threat landscape.”

 Drew Pittock covers national trending news for USA TODAY. He can be reached at [email protected].

Featured Weekly Ad