Carnival Inc. disclosed last week that an unauthorized actor gained access to an employee's account on April 14, 2026, and illegally copied personal information belonging to customers. The Texas Attorney General's Office confirmed that more than 800,000 Texas residents were potentially affected, placing the incident among the larger consumer data exposures the cruise industry has seen in recent years.
Carnival says it acted quickly to block the compromised account after detecting the intrusion, but was unable to prevent the data from being copied before access was cut off. The company is notifying affected customers by email and is offering two free years of credit monitoring through TransUnion. Customers can also independently place fraud alerts with the three major credit bureaus.
Carnival's breach notice stopped short of recommending either a credit freeze or fraud alert, describing both as individual choices. The incident is drawing renewed scrutiny of data security practices across the cruise industry at a time when lines are handling growing volumes of digital passenger records.