Carnival warned that nearly 6 million customers may have had personal information exposed after its IT team detected unauthorized access on April 14. The company says the access came through social engineering, is notifying affected individuals starting May 27
For anyone who booked a cruise with Carnival, the vacation memories may now come with an unwanted aftertaste: a notice from the company says nearly 6 million customers may have had personal information stolen in a cyberattack.
Carnival says the accessed data included customers’ names. addresses. email addresses. phone numbers. date of birth. and identification information such as passport or driver’s license numbers. The company’s notice also ties the intrusion to social engineering—an approach where attackers manipulate individuals into granting access to systems or information.
Carnival states that its IT department first became aware of unidentified access to a “limited portion” of the company’s IT system on April 14. The company says it acted quickly to block the unauthorized activity and began working with third-party security experts. In the course of that investigation, Carnival determined the bad actor illegally accessed certain personal information.
Starting May 27, Carnival began notifying affected individuals by email. The message included an offer for a two-year complimentary subscription for TransUnion credit monitoring. TransUnion also set up a dedicated call center to help people enroll.
If you believe you may be impacted, Carnival instructs customers to call TransUnion’s support line at 1-844-593-8310, from 8 am to 8 pm ET, Monday through Friday, excluding major U.S. holidays.
Alongside the monitoring offer, the company is urging customers to remain vigilant for fraud or identity theft, and to notify the police if they suspect such a case.
Carnival says it is also taking steps to reduce the risk of future incidents. It points to comprehensive security measures already in place prior to the event. and says it has enhanced its security and monitoring controls. The company adds that it will continue advancing its IT security and data privacy controls to stay ahead of an “ever-evolving threat landscape.”.
Carnival data breach cyberattack social engineering TransUnion credit monitoring personal information passport number driver’s license number identity theft
So is this why my email kept getting “cruise deals” like… weirdly fast?
I saw Carnival and thought it was just phishing emails. But now they’re saying basically 6 million people? That’s insane. Also the credit monitoring thing… feels like a band-aid, not gonna lie.
Social engineering means they hacked someone’s Facebook or something right? Like the IT team fell for a scam. I don’t even trust the call center, they probably just want your info to “verify” you.
Wait, it says they got passport/driver’s license numbers too?? That’s not just “personal info.” That’s basically everything. I booked through a travel agent though so hopefully I’m not included? And why are they notifying starting May 27 like weeks later… seems kinda late. I guess just freeze your credit or whatever, idk.