Miller Law is investigating Carnival Corporation, the parent company of Carnival Cruise Line, Princess Cruises, and Holland America, over an alleged cybersecurity incident which has potentially exposed the personal information of over 5.9 million individuals.
According to reports, on April 14, 2026, the Carnival Corporation discovered an unauthorized third-party may have used social engineering to gain access to a portion of the company’s computer network. Through an investigation it is believed that this data breach occurred on April 10, 2026, and may have resulted in the exposure of sensitive personal information of over 5.9 million individuals.
While there has been no official confirmation regarding what sensitive personal information may have been stolen, it is believed that the information that was obtained could result in identify theft, fraud, unauthorized transactions, and other fraudulent activity. Carnival Corporation began notifying individuals whose information may have been exposed on May 27, 2026, and those individuals are being informed to remain vigilant against threats of identity theft or fraud and regularly review and monitor their account statements and credit history for signs of unauthorized activity.
If you or someone you know received a data breach notification letter from the Carnival Corporation or Carnival Cruise Line, or if you believe that your information may have been compromised as a result of the alleged data breach, contact Miller Law to understand your rights, including possible legal remedies.