In a letter to customers, the company indicated that outsiders might have gained access to Social Security numbers, passport numbers, dates of birth, addresses and health information of people.
The company declined to say how many people’s information was exposed.
The breach comes after Carnival was hit twice last year by ransomware attacks.
Carnival spokesman Roger Frizzell said the company detected the latest intrusion to some of its information-technology systems on March 19 and shut down access and hired a cybersecurity company to investigate. He said Carnival is making changes to improve security of its information systems.