Holland America Customers Beware: Common Scams After a Data Breach
Key Takeaways
- After a data breach, Holland America customers may be targeted with fake refund offers, loyalty scams, cabin upgrades, and customer support calls.
- Stolen cruise data can make phishing emails, texts, and calls seem more convincing by using personal details or Mariner Society language.
- Travelers should avoid suspicious links, verify offers through official channels, monitor accounts, and report suspected fraud.
- If you received a Holland America or Carnival Corporation breach notice, Morgan & Morgan may be able to help you pursue compensation.
Injured?
A data breach does not always end when a company sends a notice. For affected consumers, that may be when the next risk begins.
After personal information is exposed, scammers may try to use that data to make their messages seem more convincing. They may know a person’s name, email address, phone number, date of birth, cruise connection, loyalty status, or other personal details. In some cases, they may also have access to sensitive government-issued identification information, such as a passport number or driver’s license number.
For Holland America Line customers, that creates a real concern. A scammer does not need every piece of information about you to sound legitimate. Sometimes, one or two accurate details are enough to make a fake email, text, or phone call feel real.
Following the 2026 Carnival Corporation data breach, Holland America customers should be on alert for scams involving fake refunds, Mariner Society loyalty accounts, cabin upgrades, customer support calls, and phishing campaigns. Here are some of the most common tactics to watch for.
Fake Refund Offers
One of the most common scams after a data breach is the fake refund offer.
A traveler may receive an email, text, or phone call claiming that Holland America is offering a refund, future cruise credit, onboard credit, or reimbursement because of the breach. The message may say the traveler must “confirm” their identity, enter payment information, click a link, or pay a small processing fee to receive the money.
That is a major red flag.
Scammers often use the promise of money to get people to act quickly. After a breach, a refund offer may feel plausible because affected consumers may already be frustrated, worried, or expecting some form of response from the company. A message that says “Your breach-related refund is ready” or “Claim your Holland America compensation now” may be designed to exploit that expectation.
Travelers should be especially cautious if the message creates urgency. Phrases like “limited time,” “final notice,” “act now,” or “your claim will expire today” are common pressure tactics. Scammers want people to click before they think.
If you receive a refund-related message, do not click the link. Go directly to Holland America’s official website, log in through your account, or use contact information from the official breach notice.
Loyalty Points Scams
Cruise loyalty programs can also become targets after a breach.
Holland America’s Mariner Society program may be connected to passengers’ sailing history, loyalty status, special offers, contact information, cruise preferences, and account details. A scammer may send a message claiming that your Mariner Society account has been locked, your points or benefits are expiring, your status was affected by the breach, or you are eligible for bonus credits because of the incident.
The goal may be to steal your login credentials. Once a scammer gains access to a loyalty account, they may be able to view personal details, change account information, access travel history, redeem benefits, or use saved information to commit additional fraud.
Loyalty scams may also appear as fake “account verification” messages. A scammer may claim that Holland America needs to verify your Mariner Society account after the breach to prevent your loyalty benefits from being lost. The message may link to a fake login page that looks similar to a real cruise line website.
Travelers should never enter login information through a link in an unexpected email or text. Instead, type the company’s website into the browser directly or use the official app.
Cabin Upgrade Scams
Cabin upgrade scams can be especially convincing because upgrades are a normal part of cruise marketing.
A scammer may claim that you have been selected for a discounted cabin upgrade, complimentary suite upgrade, verandah stateroom upgrade, priority boarding package, or exclusive post-breach customer offer. The message may say the offer is available for a limited time or requires immediate payment to reserve the upgrade.
These scams may ask for payment card information, account credentials, passport details, or other personal information. In some cases, scammers may try to charge victims for an upgrade that does not exist. In others, they may use the fake upgrade offer to capture sensitive data.
Holland America travelers with upcoming cruises may be particularly vulnerable. If a scammer knows or guesses that someone is a Holland America customer, an upgrade offer may not seem suspicious at first. That is why it is important to verify all travel offers through official channels.
Before paying for any upgrade, log into your official Holland America account or call the cruise line using a verified number. Do not trust a phone number or link provided in a suspicious message.
Fake Customer Support Calls
After a data breach, scammers may impersonate customer support representatives.
A caller may claim to be from Holland America, Carnival Corporation, the Mariner Society, a credit monitoring provider, a refund department, or a fraud prevention team. They may say they are calling about the data breach and need to confirm your personal information. They may ask for your date of birth, passport number, driver’s license number, credit card information, security codes, one-time passcodes, or account login credentials.
Legitimate companies should not ask you to provide sensitive information in response to an unexpected call. You should be especially cautious if the caller pressures you, threatens account suspension, says your refund will be lost, or asks you to read back a verification code.
Scammers may also spoof caller ID, making it look like the call is coming from a legitimate company. Caller ID alone is not proof that a call is real.
If you receive a suspicious call, hang up. Then contact Holland America directly using a verified phone number from the official website or breach notice. Do not call back the number that contacted you unless you have independently confirmed it is legitimate.
Email Phishing Campaigns
Phishing is one of the most common risks after a data breach.
A phishing email is designed to look like it comes from a trusted source. It may use a company logo, official-sounding language, a fake case number, or personal details to make the message appear legitimate. The email may ask the recipient to click a link, download an attachment, verify information, reset a password, claim a refund, or enroll in credit monitoring.
After a Holland America-related breach, phishing emails may reference topics such as a breach notice, refund, future cruise credit, Mariner Society account update, passport issue, boarding problem, payment method failure, cabin upgrade offer, or credit monitoring enrollment deadline.
Some phishing emails are poorly written and easy to spot. Others look polished and professional. Travelers should not rely only on grammar or design to determine whether a message is legitimate.
Common warning signs include urgent language, unexpected attachments, links that do not match the company’s official website, requests for sensitive information, threats of account closure, and offers that seem too good to be true.
When in doubt, do not click. Go directly to the official website or contact the company through verified information.
How Scammers Use Stolen Travel Data
Stolen travel data can make scams more personal and harder to detect.
A generic scam email may be easy to ignore. But a message that includes your name, references Holland America, mentions a cruise credit, or appears to know you are a Mariner Society member may feel more believable. That is the danger of exposed personal information: it can help scammers build trust.
Scammers may also combine information from multiple breaches. For example, they may pair an email address from one breach with a phone number from another and a date of birth or address from a third. Over time, stolen data can be assembled into a more complete identity profile.
For travelers, that means the risk may not be limited to one account. A breach involving cruise line information may lead to scams involving banks, credit cards, travel rewards programs, government documents, email accounts, or other services.
This is why affected consumers should remain alert even if they do not notice fraud immediately.
What Holland America Customers Should Do Now
If you received a Holland America Line or Carnival Corporation data breach notice, save it. Review what information may have been exposed and follow any instructions provided. If credit monitoring is offered, consider enrolling before the deadline.
Change the password for your Holland America account and any account where you used the same or similar password. Enable multi-factor authentication wherever available. Monitor your bank accounts, credit cards, travel accounts, loyalty programs, and credit reports for suspicious activity.
Be cautious of unexpected messages about refunds, cabin upgrades, Mariner Society benefits, payment issues, passport problems, credit monitoring, or breach compensation. Do not click links or call phone numbers in suspicious messages. Instead, verify through official channels.
If you believe you have been targeted by fraud, report it. If your identity has been stolen, use IdentityTheft.gov to begin a recovery plan. If you received a scam message or lost money to a scam, report it to the FTC at ReportFraud.ftc.gov. You may also need to contact your bank, credit card company, credit bureaus, passport agency, state motor vehicle department, or local law enforcement depending on what happened.
Keep records of everything. Save suspicious emails, texts, voicemails, screenshots, fraud alerts, account statements, receipts, and notes about the time you spent responding. These records may matter if you later pursue a legal claim.
Frequently Asked Questions
What scams follow a data breach?
Common scams after a data breach include fake refund offers, phishing emails, fake customer support calls, account verification scams, password reset scams, loyalty points scams, and offers for bogus compensation or credit monitoring. In the travel industry, scammers may also use fake cabin upgrades, boarding document issues, passport problems, payment failures, or cruise credit offers to trick travelers into sharing personal information or payment details.
How do scammers use stolen travel data?
Scammers may use stolen travel data to make their messages sound more legitimate. If they know your name, email address, phone number, cruise connection, or loyalty status, they may pretend to be Holland America, Carnival Corporation, the Mariner Society, a travel agency, a credit monitoring provider, or a fraud department. If they have more sensitive information, such as your date of birth, address, passport number, or driver’s license number, they may try to impersonate you, bypass security checks, or commit identity theft.
Can scammers impersonate Holland America?
Yes. Scammers can impersonate Holland America through emails, texts, phone calls, fake websites, social media messages, or spoofed caller ID. They may use Holland America’s name, branding, Mariner Society language, or breach-related messaging to make the communication seem official. If you receive an unexpected message claiming to be from Holland America, do not click links or provide personal information. Instead, contact Holland America directly through the company’s official website or contact information from the breach notice.
How can I spot a phishing email?
A phishing email may include urgent language, unexpected links, suspicious attachments, spelling errors, unusual sender addresses, requests for personal information, or offers that seem too good to be true. However, some phishing emails look professional and may include real company logos. The safest approach is to avoid clicking links in unexpected emails. Go directly to the company’s official website or app to check your account.
Where should I report fraud?
If you believe your identity was stolen, report it at IdentityTheft.gov, which can help you create a recovery plan. If you received a scam message, phishing email, fake customer support call, or fraudulent offer, report it to the FTC at ReportFraud.ftc.gov. You should also notify your bank or credit card company if financial information was involved, report suspicious activity to the affected company, and contact law enforcement if you suffered financial loss or identity theft.
Morgan & Morgan May Be Able to Help
Scams after a data breach can create real harm. Affected travelers may lose money, spend hours protecting their accounts, replace documents, monitor credit, and deal with the stress of not knowing where their personal information may end up.
If you received a Holland America Line or Carnival Corporation data breach notice or believe your information was misused after the breach, Morgan & Morgan may be able to help. Our data breach attorneys can review your situation, explain your rights, and determine whether you may be entitled to compensation.
Contact Morgan & Morgan today for a free, no-obligation case evaluation. Hiring one of our attorneys is easy, and you pay nothing up front. The Fee Is Free® unless we win.

We've got your back
Injured?
Not sure what to do next?
We'll guide you through everything you need to know.
