GALVESTON — Carnival Corporation has begun notifying individuals whose personal information may have been exposed during a cybersecurity incident discovered earlier this year.

According to a public notice released by the company, the incident stemmed from unauthorized access to an employee account after a cybercriminal used social engineering techniques to gain entry into a limited portion of Carnival’s technology systems. The activity was detected on April 14, and an internal investigation later determined that certain files containing personal information had been copied.

Carnival said information potentially involved in the incident varies by individual but may include names, mailing addresses, email addresses, telephone numbers, dates of birth and government-issued identification numbers, including driver’s license and passport information.

The company stated it began issuing notifications to affected individuals on May 27 and is offering eligible U.S. residents two years of complimentary credit monitoring services through TransUnion.

Carnival said outside cybersecurity specialists were retained to assist with the investigation and review security measures. The company has also implemented additional monitoring and security controls following the incident.

Officials said law enforcement was notified and that they are not currently aware of any continued unauthorized activity related to the breach.

The investigation remains ongoing as Carnival continues reviewing the affected data and identifying impacted individuals.