carnival corporation data breach compromised personal data of thousands of cruise passengers.
LONDON, UK – Carnival Corporation & plc, the world's largest cruise operator, has confirmed a significant data breach that exposed the personal information of thousands of passengers and crew members. The incident, which occurred earlier this month, was detected by the company's cybersecurity team on March 3, 2025, prompting an immediate investigation.
According to Carnival Corporation’s official statement, unauthorized third-party access was gained to a limited number of its IT systems. The breach primarily affected data related to passengers who booked cruises between 2020 and 2024, as well as current and former employees. Affected information includes names, addresses, passport numbers, social security numbers, and in some cases, financial details such as credit card numbers.
The company confirmed that all operations, including cruise sailings, continue as scheduled, with no disruptions to itineraries. However, Carnival Corporation emphasized that it has implemented enhanced security protocols, engaged leading cybersecurity firms, and is cooperating with law enforcement agencies, including the FBI and relevant European data protection authorities.
Carnival Corporation is currently notifying affected individuals via email, urging them to monitor their financial accounts for suspicious activity. The company is also offering free credit monitoring and identity theft protection services to those impacted.
At this time, no arrests have been made, and the total number of affected individuals has not been fully disclosed. The breach raises significant concerns over the cruise industry's cybersecurity measures, as Carnival Corporation operates nine global cruise lines, including Carnival Cruise Line, Princess Cruises, and Holland America Line.