Hackers tricked a Carnival employee and leaked customer names, addresses, and government IDs

Published: 28 May 2026
Last updated: 28 May 2026
huge white Carnival cruise ship Sunrise docked in post, cloudy blue sky, miami shore, tall homes
The Carnival cruise ship Sunrise docked at Miami Port, Florida, US. REUTERS/Marco Bello.

Cruise operator Carnival Corp said on Wednesday it had detected a cybersecurity incident involving a compromised account of an employee in April, leading to the leak of certain personal information of individuals, including names, addresses and government-issued identification numbers.

Key takeaways:
  • Hackers used social engineering tactics to trick a Carnival employee in April, gaining access to customer names, addresses, and government-issued ID numbers through the compromised account.
  • Carnival is notifying affected individuals by email starting May 27 and offering US customers two years of free credit monitoring through TransUnion after quickly blocking the unauthorized activity.
  • This marks Carnival's second major data breach since 2021, when unauthorized access affected personal information of guests, employees, and crew across Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations.

The company said it quickly blocked the unauthorized activity, which used social engineering to deceive an employee and gain access to the data. Carnival added it hired third-party security experts to conduct a thorough investigation.

ADVERTISEMENT

The company is notifying the affected individuals by email where possible and offering U.S. customers two years of free credit monitoring through TransUnion, with notifications beginning on May 27, Carnival said in the statement.

Carnival said it has strengthened its security and monitoring controls and will continue to enhance its IT and data protection measures.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

The company has urged the affected individuals to enroll in free credit monitoring, remain vigilant for fraud, review account activity and credit reports, and report suspected identity theft to local authorities.

In 2021, Carnival had detected unauthorized access to its computer systems, which affected personal information of some guests, employees and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked