A data breach at Carnival Corporation may have compromised the personal information of more than 800,000 Texans, including passengers who sailed from the Port of Galveston, according to a report from the Texas Attorney General’s Office.
Carnival disclosed last week that an unauthorized user gained access to an employee’s account on April 14. Although the company said it acted quickly to block the compromised account, the attacker was able to copy personal information before access was cut off. The Texas AG’s office reported that 800,060 Texans were potentially affected by the breach.
The compromised data may include names, addresses, email addresses, phone numbers, dates of birth and government-issued identification numbers such as driver’s license and passport numbers, according to Carnival’s breach notice. The company said it has been conducting a thorough analysis of the impacted data to determine what information was contained and to whom it belongs, and that the analysis is ongoing.
Carnival, which operates seven cruise ships using the Galveston harbor, said it is notifying affected customers by email and offering two free years of credit monitoring through TransUnion. The company has also reported the breach to law enforcement and implemented enhanced security and monitoring controls to safeguard its systems going forward.
Security experts recommend that affected individuals consider placing credit freezes with all three major credit bureaus — Experian, TransUnion and Equifax — or requesting fraud alerts. A credit freeze prevents unauthorized parties from opening new lines of credit using stolen information, while a fraud alert instructs lenders to verify identity before extending credit.
Carnival described the decision to pursue either option as an individual decision, and also advised customers to remain vigilant against identity theft and to contact local police if they suspect fraudulent activity. Those who choose a credit freeze must request one from each of the three credit reporting companies separately, while a fraud alert can be initiated with a single request.
The breach highlights ongoing cybersecurity challenges facing the cruise industry, which handles large volumes of sensitive passenger data including passport information required for international voyages. As cruise lines expand operations from Galveston — one of the fastest-growing cruise ports in the nation — safeguarding passenger information has become an increasingly important operational priority for the Texas travel industry. The Galveston Wharves reported record passenger volumes in 2025, and with additional ships scheduled to homeport at the facility in coming seasons, the volume of personal data flowing through cruise reservation systems operating from Texas ports is expected to grow significantly.
