Carnival Corporation Offers Free Credit Monitoring After Data Breach

Carnival Corporation, the world’s largest cruise operator, announced that it will provide some U.S. travelers with two years of free credit monitoring following a data breach. The breach exposed the personal data of nearly 6 million customers.

“In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account,” the company detailed in a statement to Fox News Digital. Carnival immediately blocked this activity, consulted third-party security experts, and informed law enforcement.

The breach was reported in a news release, stating that an unauthorized individual accessed certain personal information by tricking an employee. Carnival’s investigation, as filed with the Maine Attorney General’s office, revealed that the incident affected 5,995,277 people.

Carnival Corporation serves approximately 13.5 million guests annually on a fleet of 90 ships, which includes Carnival Cruise Line, AIDA, Costa, Cunard, Holland America, P&O, and Princess cruise lines.

The company is performing a detailed analysis to identify what personal data was compromised. It has been established that names, email addresses, phone numbers, dates of birth, and driver’s license and passport numbers were included in the leaked data.

Notification letters have been sent to those affected by the cyber breach. “We’re notifying affected individuals and deeply regret any concern this causes,” the company communicated. “Protecting personal data is a priority, and we’ve enhanced our security measures.”

An online notice addressed customers who did not receive direct notifications, explaining the delay in breach notifications. The statement emphasized the complexity of such incidents, which require thorough investigation before notifying affected parties.

Discussions on platforms like Reddit’s r/CarnivalCruiseFans forum indicate customer frustration. Some expressed a preference for compensation or future cruise vouchers.

Some reports suggested that Carnival refused to pay a ransom, leading to customers’ information appearing on the dark web. These claims have not been verified by Carnival.

The security breach has been linked to the hacking group ShinyHunters, though this remains unconfirmed by Carnival.

Carnival is offering two years of complimentary credit monitoring through TransUnion to affected U.S. customers. It advises vigilant monitoring of accounts and contacting police in suspected fraud cases.