Carnival Data Breach Exposed Passenger Passport Details

In Houston, where the Port of Galveston serves as a major cruise gateway for travelers across the region, Carnival says a recent cybersecurity incident exposed personal information belonging to some guests, employees and crew members. The company said the compromised data may include passport numbers and other identity records, a disclosure that could affect thousands of Gulf Coast travelers who booked or sailed with the cruise line.

Carnival disclosed the incident in a filing and said it detected unauthorized access to part of its information technology systems. According to the company, the exposed information varies by person. In some cases, it included names, Social Security numbers, passport numbers, dates of birth, health information and other government identification data.

Carnival data breach included identity documents

The cruise operator said it moved to contain the intrusion after discovering the activity. Carnival also said it launched an investigation with the help of cybersecurity specialists and notified law enforcement. The company has not publicly released the total number of affected people in the ABC11 report, and it did not describe in detail how the attackers got into its systems.

For travelers in the Houston area who regularly drive to Galveston for departures, the scope matters because passport data and government-issued identification can be used in identity theft schemes. Carnival said the impacted information differs from person to person, which means not every affected individual had the same records exposed.

Company says notices are going out to affected people

Carnival said it is contacting people whose information may have been involved. The company also said it is offering support services where required. Public companies often disclose cyber incidents through regulatory filings when a breach may carry legal or financial risk, and this case reached that threshold.

The report did not identify any disruption to cruise operations tied to the incident. Carnival said its investigation is ongoing, and some details could change as forensic work continues. People who have traveled with the line, worked for the company or served as crew may want to review any notice they receive and check the specific data elements listed in that letter.

Carnival has not said when the intrusion began or how long the unauthorized access lasted, based on the details cited in the report. More information may emerge through updated company filings or direct notifications to affected individuals in the days ahead.

This article is a summary of reporting by ABC11 News. Read the full story here.