Texas Attorney General Ken Paxton has launched an investigation into Carnival Corporation following a data breach that exposed the personal information of an estimated 6 million people, including more than 800,000 Texas residents.

Data Breach Details

The investigation was announced after the company reported that unauthorized access to its systems in April 2026 compromised consumer data collected through its cruise and travel operations. According to the Texas Attorney General’s Office, Carnival notified the state that 800,060 Texas consumers were impacted by the breach.

Carnival, which operates several cruise brands worldwide, gathers personal information from customers who create accounts, book trips, communicate with the company, or participate in rewards programs. The company maintains a range of consumer information, including names, contact details, dates of birth, payment information, passport data, driver’s license information, and health-related information.

Investigation and Response

The attorney general’s office said Carnival submitted its breach notification to Texas 44 days after the incident occurred. Before announcing the investigation, Paxton’s office issued a Civil Investigative Demand to Carnival seeking information about the company’s cybersecurity practices.

The investigation will examine whether Carnival adequately protected Texans’ personal information and whether the company maintained reasonable security procedures as required under Texas law. “I am investigating the Carnival cruise line data breach to ensure that the company is held accountable for any illegal action and that Texans’ private information is properly secured,” Paxton said in a statement.

Original reporting: The Dallas Express — read the source article.