Carnival Corporation is notifying customers whose personal information was compromised in a cybersecurity incident that occurred in April 2026.
The company sent notification letters and launched a dedicated webpage on May 27, 2026, to inform impacted customers about the breach.
Recommended Videos
What happened
On April 14, 2026, Carnival Corporation says its IT security team detected unauthorized activity involving an employee’s account. According to the company, a bad actor used social engineering tactics to deceive an employee and gain access to a limited portion of the company’s IT system.
“The company acted swiftly to block the unauthorized activity and immediately began working with third-party security experts to further strengthen its security and to conduct a thorough investigation,” the company said in a statement.
As part of that investigation, Carnival Corporation determined the unauthorized actor illegally accessed certain personal information.
What information was exposed
The company said it has been conducting a thorough analysis of the impacted data to determine what personal information was involved and to whom it belongs. While the analysis is ongoing and affected data varies by individual, the compromised information may include:
- Name
- Address
- Email address
- Phone number
- Date of birth
- Government-issued identification number, such as a driver’s license number or passport number
What Carnival Corporation is doing
Carnival Corporation is notifying affected individuals via email and is offering U.S. customers two years of complimentary credit monitoring through TransUnion. Notification letters include details about the information involved and contact information for a dedicated TransUnion call center to assist with enrollment and address questions related to the incident.
The company said it has also taken additional steps to strengthen its systems following the breach.
“In addition to the comprehensive security measures the company had in place prior to the incident, it has taken steps to further safeguard its systems, including enhancing its security and monitoring controls,” the company said.
What affected customers can do
Carnival Corporation is encouraging impacted individuals to enroll in the complimentary credit monitoring services being offered at no charge. The company is also urging customers to take the following precautions:
- Remain vigilant against identity theft or fraud
- Regularly review account statements and credit histories for signs of unauthorized activity
- Contact local police if they suspect they are a victim of identity theft or fraud
U.S. customers are entitled to one free credit report annually from each of the three major credit bureaus. Free reports can be requested at annualcreditreport.com or by calling 1-877-322-8228.
Customers may also contact the U.S. Federal Trade Commission for information on fraud alerts, security freezes, and identity theft protections at consumer.gov/idtheft or by calling 1-877-382-4357.
How to get help
Carnival Corporation has established a dedicated call center to answer questions about the cybersecurity event and the TransUnion services being offered. Customers can call the TransUnion call center at 1-844-593-8310, available 8 a.m. to 8 p.m. ET, Monday through Friday, excluding major U.S. holidays.