Margaritaville at Sea Faces Class Action Over Data Breach Exposing Customer PII and PHI
A newly filed class action lawsuit accuses Margaritaville at Sea, operated by Classica Cruise Operator Ltd., of failing to protect sensitive customer data, leading to a breach that exposed personally identifiable information (PII) and protected health information (PHI). The suit, filed in the U.S. District Court for the Middle District of Florida (Seaberg v. Classica Cruise Operator Ltd. Inc., Case No. 6:25-cv-02072), was brought by plaintiff Danielle Seaberg on behalf of affected customers nationwide.
Seaberg alleges the cruise line neglected to implement adequate cybersecurity measures, despite having the resources to do so, leaving customer data vulnerable. The complaint further claims Margaritaville at Sea failed to warn customers about its insufficient security practices, secure hardware containing sensitive information, or notify affected individuals in a timely manner.
The lawsuit asserts multiple legal claims, including negligence, breach of implied contract, and unjust enrichment, and seeks declaratory relief, injunctive measures, and damages for the plaintiff and class members. Seaberg is represented by attorneys from Milberg Coleman Bryson Phillips Grossman PLLC and The Consumer Protection Firm.
The case follows another recent data breach-related class action against WestJet Airlines, which exposed the personal information of over 1.2 million customers. Margaritaville at Sea has not yet publicly detailed the scope or timeline of its breach.
Margaritaville cybersecurity rating report: https://www.rankiteo.com/company/margaritaville
Classic Auto Group cybersecurity rating report: https://www.rankiteo.com/company/classicautogroup
"id": "MARCLA1768723920",
"linkid": "margaritaville, classicautogroup",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Hospitality/Tourism',
'location': 'United States',
'name': 'Margaritaville at Sea (Classica Cruise '
'Operator Ltd.)',
'type': 'Cruise Line'}],
'customer_advisories': 'Failed to warn customers about insufficient security '
'practices',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'description': 'A class action lawsuit accuses Margaritaville at Sea, '
'operated by Classica Cruise Operator Ltd., of failing to '
'protect sensitive customer data, leading to a breach that '
'exposed personally identifiable information (PII) and '
'protected health information (PHI). The lawsuit alleges '
'negligence, breach of implied contract, and unjust enrichment '
'due to inadequate cybersecurity measures and delayed '
'notifications.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'negligence allegations',
'data_compromised': 'Personally Identifiable Information (PII) and '
'Protected Health Information (PHI)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit filed'},
'post_incident_analysis': {'root_causes': 'Inadequate cybersecurity measures '
'and failure to secure hardware '
'containing sensitive information'},
'references': [{'source': 'Class Action Lawsuit Filing'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit filed '
'(*Seaberg v. Classica Cruise '
'Operator Ltd. Inc.*, Case No. '
'6:25-cv-02072)'},
'response': {'communication_strategy': 'Failed to notify affected individuals '
'in a timely manner'},
'title': 'Margaritaville at Sea Data Breach Exposing Customer PII and PHI',
'type': 'Data Breach'}