The personal information of more than 800,000 Texans was potentially jeopardized during a data breach of the cruise company Carnival Inc., according to the Texas Attorney General's Office.
Carnival released a notice last week detailing that its IT systems had been breached by an unauthorized user who gained access to an employee's account on April 14. While the company said it acted quickly to block the compromised account, the "bad actor illegally copied personal information." The breach jeopardized the data of as many as 800,060 Texans, according to a data security breach report from theTexas AG's office.
"We have been conducting a thorough and time-consuming analysis of the impacted data to determine what personal information it contained and to whom that information belongs," Carnival wrote in itsbreach notice. "While this analysis is ongoing and the affected data varies by individual, to date, the impacted data is known to include the following personal information: name, address, email address, phone number, date of birth, and government-issued identification number (e.g., driver's license number and passport number)."
Carnival, which operates seven cruise ships that utilize the Galveston harbor, said it would be notifying affected customers via email and will provide them with two free years of credit monitoring via TransUnion.
In addition to requesting that affected customers enroll in credit monitoring, Carnival is also recommending that customers "remain vigilant against threats of identity theft or fraud" and to contact local police "if you suspect you are the victim of identity theft or fraud."
Carnival said it has notified authorities about the breach and has "taken steps to further safeguard" its systems with enhanced security and monitoring controls.
Those affected by the breach have the option to initiate a "credit freeze" with each of the three credit reporting companies: Experian, TransUnion and Equifax. A credit freeze must be requested from each of the three companies. Itprevents a person from opening a new line of credit without a security code, preventing outside actors from using a person's stolen information to take out loans or credit cards in the person’s name.
Another option, according to Carnival, is to request a fraud alert from the credit reporting agencies.Unlike a credit freeze, a fraud alert does not require a person to notify each of the three credit reporting agencies.
In its breach notice, Carnival did not outright recommend that customers pursue either a credit freeze or a fraud alert, saying both options are "an individual decision."
Copyright 2026 Houston Public Media News 88.7
