Carnival Corporation contacts clients after data breach

Cruise giant Carnival Corporation has been contacting customers following a major data breach in April.

Reports have suggested almost six million customers were affected by the cyber-crime.

The cruise company’s brands include Carnival Cruise Line, Cunard, Holland America Line, P&O Cruises, Princess Cruises and Seabourn.

It said in a statement on Wednesday (May 27): “Unfortunately, a cybersecurity event in April 2026 affected certain personal information for some individuals. We deeply regret this incident and any concern it may cause and have sent notification letters to individuals whose data was impacted.

“On April 14, 2026, our IT security team identified unauthorised activity involving an employee’s account. 

“An unauthorised actor used social engineering to deceive an employee to gain access to a limited portion of our company’s IT system.”

The company said it acted “swiftly” to block the unauthorised activity and began working with security experts to strengthen its security and to investigate the incident.

“On April 22, 2026, we first determined that the bad actor illegally copied personal information,” added the statement.

The affected data varies by individual but includes name, address, email address, phone number, date of birth, and government-issued identification numbers.

The statement offered advice to US-based customers.

Travel Weekly has contacted Carnival about advice for UK-based agents and customers.

More: Carnival Corporation reports no ‘significant’ cancellation trends