Smartphone Photos and Contacts of 800,000 Texans Exposed in Massive Carnival Cruiseline Hack

Smartphone photos and contacts of 800,000 Texans were exposed after Carnival Cruise Lines experienced a springtime cybersecurity failure, prompting a formal probe by Texas Attorney General Ken Paxton. Carnival said an April breach compromised private records tied to about six million people globally, including roughly 800,000 Texas residents. State investigators report the stolen data included full names, standard contact details, dates of birth, and medical information. They also cite passport numbers, state driver’s license information, and transactional payment credentials, along with smartphone content accessed through app permissions such as camera rolls and device contact lists.

Paxton’s office is examining why notification arrived 44 days after the breach, despite 800,060 Texans having their profiles compromised. Carnival traced the initial intrusion to a social engineering attack targeting one employee account, which then enabled access to a restricted network area. The state has issued a Civil Investigative Demand to assess whether Carnival’s defensive protocols met benchmarks under regional consumer protection laws. The incident underscores heightened expectations for breach timing and safeguards in the cruise sector.