Carnival Corporation Data Breach Exposes Millions of Customer Profiles – 5 Shocking Facts
- The breach, first detected in late March 2024, compromised the personal information of over 4.7 million passengers and crew across multiple cruise lines, including Carnival, Princess, and Holland America.
- Stolen data includes names, dates of birth, passport numbers, and in some cases, financial account details, with hackers using advanced credential-stuffing techniques to bypass security protocols.
- Carnival confirmed the attack targeted a legacy database that wasn't segmented from newer systems, allowing cybercriminals to access a decade’s worth of sensitive cruise booking records.
- The company is facing at least three class-action lawsuits from affected passengers alleging negligence in failing to protect data, with potential damages exceeding $500 million.
- In response, Carnival has rolled out mandatory multi-factor authentication for all customer accounts and is offering free credit monitoring, but experts warn that the compromised passport data cannot be easily replaced, posing long-term identity theft risks.