Carnival Cruise data breach hits nearly 6 million people
▼ Summary
– Carnival Corporation confirmed a data breach affecting nearly 6 million people, claimed by the ShinyHunters extortion gang in April 2026.
– The breach exposed personal information of customers and employees, including names, addresses, and passport numbers.
– ShinyHunters demanded a ransom in exchange for not publishing the stolen data, but Carnival refused to pay.
– The company is offering free credit monitoring and identity theft protection to affected individuals.
– Carnival is working with law enforcement and cybersecurity experts to investigate the incident and strengthen its security systems.
Carnival Corporation, the global leader in cruise operations, has officially acknowledged a data breach impacting nearly 6 million individuals, an incident that was first claimed by the ShinyHunters extortion gang in April 2026. The breach, which exposed sensitive personal information, represents one of the largest cybersecurity incidents in the travel industry this year.
The compromised data includes customer names, addresses, phone numbers, email addresses, and in some cases, passport numbers and dates of birth. Carnival confirmed that no financial information, such as credit card numbers or payment details, was accessed. The company stated that the breach originated from a phishing attack targeting a small number of employee email accounts, which allowed unauthorized access to certain systems.
In response, Carnival has begun notifying affected individuals and has offered complimentary credit monitoring and identity protection services. The company is also working with law enforcement and cybersecurity experts to investigate the incident and strengthen its defenses. “We deeply regret any inconvenience or concern this may cause our guests,” a Carnival spokesperson said. “Protecting personal data is a top priority, and we are taking all necessary steps to prevent future incidents.”
The ShinyHunters group, known for targeting high-profile companies, has reportedly attempted to sell the stolen data on underground forums. However, Carnival has not confirmed any ransom demands or payments. Industry analysts note that this breach could have long-term implications for customer trust and regulatory scrutiny, especially given the company’s size and the volume of data involved.
Carnival advises all affected customers to remain vigilant for suspicious communications and to use the provided monitoring services. The company has also updated its security protocols, including multi-factor authentication and enhanced employee training, to mitigate similar risks moving forward.
(Source: BleepingComputer)
