Major cruise line hack exposes sensitive data of nearly 6 million travelers

"In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account," Carnival Corporation said in a statement to Fox News Digital. "We immediately blocked the activity, engaged third-party security experts and alerted law enforcement."

The company's data breach notice filed with the Maine Attorney General's office said the hack affected 5,995,277 people's personal information.

Carnival said it is conducting "a thorough and time-consuming analysis" to determine what specific personal information was compromised.

The company said that so far, it has determined that names, email addresses, phone numbers, dates of birth and driver's license and passport numbers were included in the impacted data.

Carnival announced it sent notification letters to people affected by the cybersecurity incident.

"We're notifying affected individuals and deeply regret any concern this causes," Carnival told Fox News Digital.

"Protecting the privacy and security of personal data is a priority for us, and we've added new layers of security and monitoring on top of the comprehensive protections already in place," the company added. "We'll also continue advancing our defenses against evolving threats."

The company included "Why am I just finding out about this?" in the notice's FAQ.

"We understand this process can feel slow, and we appreciate your patience," Carnival answered. "Complex incidents like this take time and careful investigation to understand what information was affected and who it belongs to, and then to ensure notifications are handled accurately. After identifying and stopping the incident, our focus shifted immediately to investigating it fully and communicating with all impacted parties as soon as we could."

Some frustrated customers reacted to the notice on Reddit's r/CarnivalCruiseFans forum.

"At this point our data has been out for quite some time," wrote one commentator.

Others said they would prefer to be paid for their troubles or offered a voucher for a future cruise.

This report has not been substantiated by Carnival, and the company has not publicly disclosed where customers' personal information has gone.

The website noted, however, that Carnival has not confirmed the claim.

Regarding the security breach, the company said it is "offering individuals in the U.S. two years of complimentary credit monitoring through its preferred third-party vendor, TransUnion."

In addition to enrolling people in a credit-monitoring system, Carnival is encouraging affected customers to monitor accounts and credit histories vigilantly. They should contact local police if they suspect fraud or identity theft.