Carnival Corporation is notifying customers and other individuals affected by a cybersecurity incident that may have exposed personal information belonging to millions of people, including Australians.
The company, which owns cruise brands including Carnival Cruise Line, Princess Cruises, Cunard and Holland America, among many others, said it detected unauthorised activity involving an employee account on 14 April 2026.
According to Carnival Corp, a cybercriminal used a social engineering tactic to deceive an employee and gain access to a “limited portion” of its IT systems.
While Carnival has not publicly disclosed the exact number of people affected, mulitple media reports suggest as many as six million individuals could be impacted across the corporation’s global operations.
The company said the compromised data varies by individual but may include names, addresses, email addresses, phone numbers, dates of birth and government-issued identification numbers such as passport and driver’s licence details.
In a statement, Carnival said it acted quickly to block the unauthorised access and engaged external cybersecurity specialists to investigate the incident and strengthen security measures.
The company has now started issuing notification letters and emails to affected individuals where contact details are available. It also launched a dedicated webpage on 27 May 2026 outlining details of the breach.
For affected Americans, Carnival is offering two years of complimentary credit monitoring to help detect signs of identity theft or fraud.
Karryon has contacted Carnival Corporation to ascertain the potential impact on Australian customers.
Meanwhile, the company has encouraged clients to remain vigilant by monitoring bank accounts, credit histories and other personal records for suspicious activity.
The incident highlights the growing cybersecurity challenges facing major travel companies, particularly those holding large volumes of customer data across multiple brands and markets.
KARRYON UNPACKS: Cyber breaches are becoming an uncomfortable reality across travel. For travellers and travel advisors alike, it’s another reminder that protecting personal data is now as important as protecting passports.
