Carnival Cruise Line announced a major data breach that may have compromised the personal information of nearly 6 million passengers. The breach, detected on April 14, involved unauthorized access to sensitive data, including names, addresses, email addresses, phone numbers, dates of birth, and government-issued identification numbers such as driver's licenses and passports. The company revealed that the breach was facilitated by a social engineering attack, where hackers deceived an employee into granting access to the systems. Carnival is notifying affected individuals and providing two years of free credit monitoring and identity protection services through TransUnion. This incident marks a significant cybersecurity challenge for Carnival, which has faced multiple breaches in recent years, including ransomware attacks and phishing incidents. The company has stated its commitment to enhancing security measures and conducting ongoing reviews to safeguard customer information. The repeated breaches raise concerns about the effectiveness of Carnival's cybersecurity protocols and the growing threat of human-focused cyberattacks.