On August 15, 2020, Carnival Cruise Line experienced a data breach reported by the California Office of the Attorney General on October 13, 2020. Unauthorized actors gained access to the personal information of guests, employees, and crew members. The compromised data included names, addresses, phone numbers, and—potentially—highly sensitive details such as Social Security numbers and health records. The exact number of affected individuals remains undisclosed, but the breach exposed both internal (employee/crew) and external (guest) data, heightening concerns over identity theft, financial fraud, and privacy violations. The incident underscores significant vulnerabilities in Carnival’s data protection measures, particularly given the broad scope of exposed personally identifiable information (PII) and protected health information (PHI). The breach’s impact extends beyond immediate financial risks, posing long-term reputational damage and regulatory scrutiny for the company.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-195063
TPRM report: https://www.rankiteo.com/company/carnival-cruise-line
"id": "car1020090725",
"linkid": "carnival-cruise-line",
"type": "Breach",
"date": "8/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Unknown (guests, employees, and '
'crew)',
'industry': 'Travel & Hospitality',
'location': 'United States (headquartered in Florida)',
'name': 'Carnival Cruise Line',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names',
'addresses',
'phone numbers',
'Social Security '
'numbers (possible)'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Potentially Protected Health '
'Information (PHI)']},
'date_detected': '2020-08-15',
'date_publicly_disclosed': '2020-10-13',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Carnival Cruise Line on October 13, 2020. '
'The breach occurred on August 15, 2020, involving '
'unauthorized access to personal information of guests, '
'employees, and crew, including names, addresses, phone '
'numbers, and possibly Social Security numbers and health '
'information. Specific details regarding the number of '
'individuals affected are currently unknown.',
'impact': {'data_compromised': ['names',
'addresses',
'phone numbers',
'Social Security numbers (possible)',
'health information (possible)'],
'identity_theft_risk': 'High (due to PII exposure)'},
'investigation_status': 'Ongoing (as of disclosure date)',
'references': [{'date_accessed': '2020-10-13',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Consumer '
'Privacy Act (CCPA)',
'Potential violation of '
'Health Insurance '
'Portability and '
'Accountability Act '
'(HIPAA) if health data '
'was exposed'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (reported to California Office '
'of the Attorney General)'},
'title': 'Carnival Cruise Line Data Breach (2020)',
'type': 'Data Breach'}