Carnival
Data Breach Class Action Lawsuit
Posted: May 28, 2026 -- Carnival data breach class action lawsuit investigation.
Abington Cole + Ellery is investigating the data breach recently announced by Carnival and may be filing a class action lawsuit on behalf of victims.
Carnival Data Breach Summary:
In late-May of 2026, Carnival Corporation, the parent of Carnival Cruise Line, disclosed a security incident involving unauthorized access to sensitive data, which took place on or around April 14, 2026. Approximately 5.9 million individuals were affected by the Carnival data breach, and breached data may include, but is not necessarily limited to: names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers, such as driver’s license numbers and passport numbers. As a result of the data breach, Carnival is offering 24 months of free credit monitoring and/or identity theft protection services to some affected individuals.
FREE CONSULTATION: If you are a victim of the Carnival data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against Carnival, please submit your information here to be considered:
An attorney-client relationship is not formed by submitting information through this website.
Carnival Data Breach Details:
Carnival Corporation announced on May 27, 2026, that it had begun notifying people affected by an April 2026 cybersecurity incident. According to Carnival’s notice, its IT security team found unauthorized activity on April 14 involving an employee account. The company said the attacker used social engineering to deceive an employee and gain access to a limited part of Carnival’s IT system. Carnival says it blocked the activity the same day and brought in third-party security experts to investigate and strengthen controls. On April 22, Carnival first determined that personal information had been illegally copied.
The company has not publicly described every technical detail of the intrusion, but its account points to a phishing or social-engineering compromise rather than a broad, unexplained network failure. The data review is still described as ongoing, and Carnival says the information involved varies by person. So far, the affected data reportedly includes names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers, such as driver’s license numbers and passport numbers.
Carnival began sending email notices on or about May 27, 2026, where it had usable contact information. For U.S. individuals, the company is offering two years of complimentary credit monitoring through TransUnion and is advising affected people to watch credit reports and account statements for signs of fraud. Third-party reporting says a hacking group claimed to have obtained Carnival-related data and later published 8.7 million records, including 7.5 million unique email addresses; that dataset was described as containing fields tied to Holland America Line’s Mariner Society loyalty program. That outside leak-site intelligence is important context, but Carnival’s confirmed notice is narrower: it confirms unauthorized access through an employee-account compromise, copying of personal information, notification to affected individuals, law-enforcement notice, and added security monitoring.
Additional information about the Carnival data breach may be found here: Carnival Data Breach Notice (Maine Attorney General). The Carnival Website may also have additional information about or provide periodic updates regarding the data breach.
About Carnival:
Carnival Corporation Ltd. is a global cruise company headquartered in the Miami area of Florida, with corporate offices in Doral. Its portfolio includes AIDA Cruises, Carnival Cruise Line, Costa Cruises, Cunard, Holland America Line, P&O Cruises, Princess Cruises, and Seabourn. The company operates more than 90 ships that sail to over 800 ports and destinations around the world, serving travelers across major cruise markets in North America, Europe, and Australia. Its business centers on ocean travel, onboard hospitality, destination-based tourism, and related vacation services. Carnival is publicly traded on the New York Stock Exchange and is one of the largest companies in the cruise and leisure travel industry.
Additional Information:
Reuters: Cruise operator Carnival discloses personal data breach
BleepingComputer: Carnival Cruise confirms data breach affecting nearly 6 million people
For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?
If you believe you are a victim of the Carnival data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Carnival or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.