Data Breach

Urgent: Carnival Cruise and DentaQuest Data Breaches Expose Passports and Medicaid Info

Made with Canon 5d Mark III and loved analog lens, Leica APO Macro Elmarit-R 2.8 / 100mm (Year: 1993)
03 Jun
Professional data security and law firm hero image with a blue color overlay

If you have taken a cruise recently or receive Medicaid benefits, your most sensitive personal information may currently be for sale on the dark web.

The spring of 2026 has brought a devastating wave of cyberattacks targeting two of the most trusted sectors of consumer life: travel and healthcare. Carnival Cruise Line and DentaQuest have both confirmed massive data breaches that have left millions of Americans vulnerable to identity theft, financial fraud, and even medical blackmail.

At Ginsburg Law Group PC, we believe that when big corporations fail to protect your data, they should be held accountable. Simply offering a “free credit monitoring” service is often like putting a band-aid on a deep wound.

👉 If you’ve received a breach notification, you need to understand your rights. You may be eligible to sue for data breach damages.

🛳️ The Carnival Cruise Breach: 6 Million Passports at Risk

In April 2026, Carnival Corporation (which includes major brands like Holland America and the Mariner Society loyalty program) detected a sophisticated “social engineering” attack. The fallout? Nearly 6 million people had their private data exfiltrated.

What was stolen?

While the investigation is ongoing, Carnival has admitted that the following information was exposed:

  • Full Names and Dates of Birth
  • Email addresses and Phone numbers
  • Driver’s license numbers
  • Passport numbers

Why Passport Theft is a Nightmare

Most data breaches involve credit card numbers, which are easy to cancel. Passport numbers are different.

  1. Permanent Risk: You cannot simply “reset” your passport number like a password.
  2. International Identity Theft: Criminals can use passport data to open offshore bank accounts or create “deep-fake” physical IDs for international travel.
  3. Targeted Phishing: With your travel history and passport details, scammers can craft highly convincing emails that look like they are from the State Department or customs officials.
A conceptual image of a hand holding a passport with digital data streams representing travel document vulnerability

⚠️ The “TransUnion Trap”

Carnival is offering two years of complimentary credit monitoring through TransUnion. The bottom line: While helpful, credit monitoring does nothing to protect you if someone uses your passport number to commit a crime in another country or your driver’s license to bypass security at a DMV.

🦷 The DentaQuest Breach: Medicaid Data Leaked by ShinyHunters

While Carnival was reeling, DentaQuest, one of the largest dental benefits administrators in the U.S., was hit by the notorious hacking group ShinyHunters in May 2026.

This breach is particularly alarming because it targets Medicaid beneficiaries. ShinyHunters reportedly leaked 234GB of data, which includes:

  • Social Security Numbers (SSNs)
  • Protected Health Information (PHI)
  • Dental treatment records and insurance identifiers
  • Medicaid ID numbers

The Horror of Medical Identity Theft

Medical identity theft is often more dangerous than financial theft. If a criminal uses your Medicaid ID to receive treatment, their medical history (like blood type, allergies, or chronic conditions) could be merged with yours.

This can lead to life-threatening errors in your own future medical care.

Medical data security icon with a digital shield representing health information protection

⚖️ Can You Sue for a Data Breach?

The short answer is yes. Under various state and federal laws, companies have a “fiduciary duty” to protect the sensitive information you entrust to them.

When to Contact a Data Breach Lawyer

You should consult a consumer protection attorney if:

  • You received a notification letter from Carnival or DentaQuest.
  • You have noticed unauthorized charges on your accounts.
  • Your Medicaid benefits have been denied or flagged for fraud.
  • You are concerned that “free monitoring” doesn’t cover the long-term risk of your leaked passport.

At Ginsburg Law Group PC, we specialize in holding these massive institutions accountable. We work on a “no upfront cost” model, meaning we only get paid if we win your case.

🛡️ Step-by-Step: What to Do Right Now

If you suspect your data was part of these breaches, do not wait for the corporation to “fix” it for you. Take these actions immediately:

  1. Freeze Your Credit: This is the single most effective way to prevent new accounts from being opened in your name. Contact Equifax, Experian, and TransUnion.
  2. Contact the Issuing Authority: If your passport was leaked, notify the U.S. Department of State. If your driver’s license was leaked, notify your state DMV.
  3. Audit Your Medical Records: If you are a DentaQuest/Medicaid member, request a “Summary of Benefits” to ensure no one else is using your ID for treatment.
  4. Save Everything: Keep the physical notification letter and any records of financial loss.
  5. Consult a Data Breach Lawyer: Understand the potential for compensation under the law.

The Ginsburg Law Group Difference

Led by award-winning attorney Amy Ginsburg, our team has 19 years of experience fighting for the “little guy.” Whether it’s a TCPA lawsuit for harassing calls or a massive data leak, we prioritize your story.

We don’t just see a case number; we see a person whose privacy has been violated. Our nationwide presence allows us to take on the biggest corporations in state and federal courts.

Don’t let a corporation’s negligence define your financial future.

Next Step: Call us today or visit our team page to find an advocate who will fight for your fresh start.

Data Breach FAQs

Q: Is the credit monitoring offered by the company enough?
A: Usually, no. Credit monitoring only alerts you after a problem has occurred. It does not provide compensation for the time you spend fixing the mess or the permanent risk of a leaked Social Security or Passport number.

Q: How much does it cost to hire a data breach lawyer?
A: At Ginsburg Law Group, we often utilize fee-shifting statutes. This means the company that leaked your data may be responsible for paying your legal fees. We typically offer “no upfront cost” arrangements.

Q: What is “Statutory Damages”?
A: In some states, if a company fails to protect your data, you are entitled to a specific dollar amount (statutory damages) even if you haven’t yet seen a fraudulent charge on your bank account.

Tags:
Newer Lemon Law Lawyer Checklist: Is Your Car a Lost Cause?
Back to list
Older Simultaneous Death Clauses: Why It Still Matters Who “Died First”

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *