Miami, Fl. (5/31/2026) — Carnival Corporation has begun notifying individuals affected by a cybersecurity incident discovered earlier this year.
The company announced May 27 that notification letters have been sent to individuals whose personal information may have been accessed during the incident. Carnival also launched a public webpage to provide information about the event.
According to the company, its IT security team identified unauthorized activity involving an employee account on April 14. Carnival said an unauthorized actor used social engineering tactics to deceive an employee and gain access to a limited portion of the company’s information technology system.
Social engineering is a method cybercriminals use to trick individuals into providing access, credentials, or sensitive information. Rather than exploiting software vulnerabilities, attackers rely on deception and human error.
After discovering the activity, Carnival blocked the unauthorized access and immediately began an investigation. The company also retained third-party cybersecurity experts to assist with the response and strengthen security measures.
As the investigation continued, Carnival determined that certain personal information was illegally accessed. The company said its review remains ongoing and that the affected information varies by individual.
To date, the impacted data is known to include names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers. Those identification numbers may include driver’s license numbers and passport numbers.
Carnival has not publicly disclosed how many individuals were affected by the incident.
The company began issuing notifications on May 27 and is offering two years of complimentary TransUnion credit monitoring services to eligible individuals in the United States. Notification letters include enrollment instructions and contact information for a dedicated support center.
In addition, Carnival said it has enhanced security and monitoring controls following the incident. The company stated it will continue improving cybersecurity and data privacy protections as threats continue to evolve.
Complimentary Credit Monitoring
Individuals affected by the incident are encouraged to enroll in the complimentary credit monitoring program. They should also review account statements, monitor credit reports, and remain alert for signs of identity theft or fraud.
Consumers should be cautious of unsolicited emails, text messages, or phone calls requesting personal information, as cybercriminals often use data breach incidents to launch phishing attempts.
Anyone who suspects identity theft or fraudulent activity should contact local law enforcement and report the activity to the appropriate financial institutions.
Questions regarding the cybersecurity incident or available credit monitoring services can be directed to Carnival’s dedicated TransUnion call center at 1-844-593-8310. The call center operates Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, excluding major U.S. holidays.
U.S. consumers are also entitled to one free credit report each year from the three major credit reporting agencies through AnnualCreditReport.com.
Previous Article: Coast Guard suspends search for missing cruise ship passenger near Louisiana
