Carnival Corporation Data Breach Exposes 65,000 Customers in Colossal Cyber Attack
- First off, the data breach targeted Carnival's loyalty program databases, compromising over 65,000 customer accounts across its nine cruise lines like Princess and Holland America in a sophisticated phishing campaign.
- Personal information including names, addresses, phone numbers, passport numbers, and loyalty point balances was stolen—but credit card details were fortunately encrypted and not accessed.
- The breach went undetected for over a month, occurring in late 2024 with Carnival only discovering the intrusion in early January 2025 during a routine security audit.
- Affected customers are now at increased risk of identity theft and targeted phishing scams, as hackers have their personal travel documents and contact details readily available.
- Carnival has offered two years of free credit monitoring and identity theft protection for affected customers, while warning that loyalty accounts may show unauthorized point redemptions or bookings.