By Reuters | Updated: May 28, 2026
May 27 (Reuters) – Cruise operator Carnival Corp (CCL.N) said on Wednesday it had detected a cybersecurity incident involving a compromised account of an employee in April, leading to the leak of certain personal information of individuals, including names, addresses and government-issued identification numbers.
The company said it quickly blocked the unauthorized activity, which used social engineering to deceive an employee and gain access to the data. Carnival added it hired third-party security experts to conduct a thorough investigation.
- The company is notifying the affected individuals by email where possible and offering U.S. customers two years of free credit monitoring through TransUnion, with notifications beginning on May 27, Carnival said in the statement.
- Carnival said it has strengthened its security and monitoring controls and will continue to enhance its IT and data protection measures.
- The company has urged the affected individuals to enroll in free credit monitoring, remain vigilant for fraud, review account activity and credit reports, and report suspected identity theft to local authorities.
- In 2021, Carnival had detected unauthorized access to its computer systems, which affected personal information of some guests, employees and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations.
Reporting by Anuja Bharat Mistry in Bengaluru; editing by Alan Barona
© Thomson Reuters 2026
