Carnival Cruises Cybersecurity Incident – Bernews

Source Domain: bernews.com

Carnival Corporation has begun notifying individuals whose personal data was affected by the cybersecurity incident, with the cruise ship giant noting that “an unauthorized actor used social engineering to deceive an employee to gain access to a limited portion of the company’s IT system.”

A spokesperson said “Carnival Corporation today announced that notification letters have been sent to individuals whose data was impacted in the April 2026 cybersecurity incident.

“This notice is intended to provide the same information included in the notification letters to individuals for whom the company has insufficient or out-of-date contact information. The company also launched a webpage to report the incident publicly on May 27, 2026.

“On April 14, 2026, the company’s IT security team identified unauthorized activity involving an employee’s account. An unauthorized actor used social engineering to deceive an employee to gain access to a limited portion of the company’s IT system. The company acted swiftly to block the unauthorized activity and immediately began working with third party security experts to further strengthen its security and to conduct a thorough investigation. As part of this investigation the company determined the bad actor illegally accessed certain personal information.

“The company has been conducting a thorough and time-consuming analysis of the impacted data to determine what personal information it contained and to whom that information belongs. While this analysis is ongoing and the affected data varies by individual, to date, the impacted data is known to include the following personal information: name, address, email address, phone number, date of birth, and government-issued identification number (e.g., driver’s license number and passport number).

“The company is notifying individuals whose personal information was affected via email, as required and where available. The company…

Source