The Texas attorney general opened an investigation into the cruise company after an April breach that compromised personal information of an estimated 6 million people, including names, passport data, and payment details
Texas Attorney General Ken Paxton said he is investigating Carnival Corporation following an April 2026 data breach that compromised the personal information of an estimated 6 million people, including more than 800,000 Texans.
According to Paxton’s office, Carnival operates several cruise brands worldwide, including Carnival Cruise Line, Princess Cruises, Holland America Line, P&O Cruises, Seabourn, Costa Cruises, and AIDA Cruises. The office said the company collects personal information when consumers create accounts, book travel, communicate with the company, or join rewards programs — including names, contact information, dates of birth, payment and passport information, driver’s license details, and health information.
The office said that on April 14, 2026, Carnival’s IT security team identified unauthorized activity involving an employee account. According to Paxton’s office, Carnival determined that social-engineering techniques were used to deceive an employee and gain access to company systems, allowing an unauthorized actor to reach consumers’ personal information.
Paxton’s office said Carnival’s breach notification reported 800,060 affected Texas consumers, and that the notification was submitted 44 days after the breach. The office said Paxton previously issued a Civil Investigative Demand to the company to determine whether Carnival adequately safeguarded Texans’ personal information and maintained reasonable procedures to protect it, as required by Texas law.
“I am investigating the Carnival cruise line data breach to ensure that the company is held accountable for any illegal action and that Texans’ private information is properly secured,” Paxton said in a statement, adding that his office is committed to protecting Texans’ sensitive personal information.
What Texans Can Do
The investigation is ongoing, and it does not represent a finding that Carnival violated the law. Texans who have cruised with Carnival or its affiliated brands and are concerned about the breach can watch for a notification from the company, monitor their bank and credit card statements for unusual activity, and consider placing a fraud alert or credit freeze with the major credit bureaus. Anyone who believes their information was misused can also file a complaint with the Office of the Attorney General.
