MIAMI — Carnival Corporation disclosed a cybersecurity breach first detected on April 14, 2026, in which an unauthorized actor used social engineering to access personal data of more than 800,000 Texas residents and other customers. The company began notifying affected individuals after confirming that certain personal information was illegally accessed.

According to a notice published May 27, the breach originated when an employee was deceived through social engineering, granting the attacker access to a limited portion of Carnival’s IT system. The corporation immediately blocked the unauthorized activity and launched an investigation with the help of third-party security experts while also alerting law enforcement.

The compromised data may include names, home addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers such as driver’s license and passport numbers. Carnival noted that the specific information accessed varies by individual and that its analysis of the full scope of the breach is ongoing.

In response, Carnival has enhanced its existing security and monitoring controls and is offering two years of complimentary credit monitoring through TransUnion to affected U.S. customers. The company has also established a dedicated call center—reachable at 1-844-593-8310, Monday through Friday from 7 a.m. to 7 p.m. CT, excluding major holidays—to assist individuals with questions.

Carnival is urging affected customers to monitor their account statements and credit reports for signs of fraudulent activity and to contact local police if they suspect identity theft. “In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account. We immediately blocked the activity, engaged third-party security experts and alerted law enforcement. Our investigation found certain personal information was illegally accessed. We're notifying affected individuals and deeply regret any concern this causes. Protecting the privacy and security of personal data is a priority for us and we've added new layers of security and monitoring on top of the comprehensive protections already in place. We’ll also continue advancing our defenses against evolving threats.”

No independent assessment was available for this report.