Carnival Hit With Multiple Lawsuits After Massive Data Breach Affecting Millions

This post may contain affiliate links. If you click one, I may earn a commission at no cost to you. As an Amazon Associate, I earn from qualifying purchases.
You can receive cruise news updates straight to your inbox, so you don't miss a thing! Subscribe here.

Carnival Corporation is facing a growing legal battle after a major cyberattack that allegedly exposed more than 8.7 million records led to multiple class action lawsuits in the United States.

Carnival Place, Carnival Corporation and Carnival Cruise Line headquarters in Doral, Florida

The cruise giant confirmed earlier in April that it had detected unauthorised activity linked to a single user account, prompting the company to shut down access and contact law enforcement. However, several former passengers claim the company failed to adequately protect their personal data.

The legal action comes after reports that the cybercriminal group ShinyHunters targeted Carnival, with stolen information potentially including sensitive guest and corporate data.

Read more: Carnival Investigates Potential Data Breach Affecting Millions Of Cruisers

Three separate lawsuits were filed between 22nd April and 24th April 2026 in the United States District Court for the Southern District of Florida.

Passengers Claim Negligence Over Data Protection

The claims were brought by former passengers Yvonne Vasquez from California, Zachary Pottle from Florida and Ashley Cole from Tennessee.

All three lawsuits argue that Carnival did not have adequate cybersecurity measures in place to protect customer information. The plaintiffs claim the cruise company should have anticipated the risk of cyberattacks, particularly as large travel and financial companies have increasingly become targets for hackers.

Person using computer

The lawsuits also allege that sensitive personal data may not have been encrypted, potentially allowing hackers to access the information more easily.

Cole and Vasquez further claim that additional safeguards such as two-factor authentication were not in place, although those details have not been publicly confirmed by Carnival.

According to the legal filings, the hacking group allegedly warned Carnival that the stolen data would be released unless their demands were met by 21st April.

The plaintiffs say the breach has left them at long-term risk of fraud and identity theft. They are seeking financial compensation, lifetime credit monitoring services for affected individuals and a court order requiring Carnival to strengthen its cybersecurity systems.

Carnival Says It Acted Quickly

When the breach first came to light, Carnival said it moved rapidly to stop the unauthorised access.

“After detecting unauthorized online activity involving a single user account, we acted quickly to shut it down and block any further unauthorized access and have notified law enforcement,” the company said in a statement.

“Data privacy and protection are extremely important to Carnival Corporation and we’re working closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate,” the cruise company continued.

Carnival also said it would contact any affected guests directly once its investigation into the incident is complete.

Second Major Breach In Recent Years

If the lawsuits proceed, the company could face another significant payout linked to a cybersecurity incident.

In 2022, Carnival was ordered to pay $1.25 million and strengthen its data protection systems following a separate breach in August 2020.

That earlier incident affected around 180,000 guests and employees. The latest breach is believed to be far larger, with millions of records potentially involved across several Carnival Corporation brands including Carnival Cruise Line, Princess Cruises, Holland America Line, Cunard, Seabourn, Costa Cruises and AIDA Cruises.

Investigations into the latest breach are ongoing and it remains unclear exactly what information was accessed or how many guests were ultimately affected.

Related Posts:

If you found this interesting, please share!


Jenni with Disney Cruise ship at Castaway Cay


Leave a comment