Carnival Cruise confirms data breach affecting nearly 6 million people

Published: 28 May 2026 at 10:49:27

Alert date: 28 May 2026 at 11:00:39

Source: bleepingcomputer.com

Data Breach & Exfiltration, Enterprise Applications

Carnival Corporation confirmed a major data breach affecting nearly 6 million people. The breach was claimed by the ShinyHunters extortion gang in April 2026. Because Carnival is the world's largest cruise line operator, this represents a significant data exposure incident. The breach appears to involve customer and potentially employee data from Carnival's systems. ShinyHunters is known for conducting high-profile data breaches and extortion campaigns against major corporations. The scale of this breach makes it one of the largest data incidents in the cruise industry. Carnival is likely conducting a forensic investigation and customer notification processes.

Technical details

On April 10, 2026, threat actors used social engineering to deceive a Carnival employee and gain access to a limited portion of the company's IT system. The attack was identified on April 14, 2026, by Carnival's IT security team, which detected unauthorized activity involving an employee's account. On April 22, 2026, the company determined that the threat actor had illegally copied personal information. The breach affected 5,995,277 customers and exposed names, dates of birth, email addresses, genders, geographic locations, and loyalty program details. The data contained fields related to the Mariner Society loyalty program run by Holland America. ShinyHunters claimed to have stolen documents containing over 8.7 million records with personally identifiable information and terabytes of internal corporate data.

Mitigation steps:

Carnival acted swiftly to block the unauthorized activity and immediately began working with third-party security experts to further strengthen security and conduct a thorough investigation. The FBI advised ShinyHunters' victims not to pay ransom demands, warning that doing so does not guarantee the threat actors won't attempt to extort victims again or sell stolen data to other cybercriminals. Companies should implement stronger security measures against social engineering attacks and employee account compromise.

Affected products:

Carnival Corporation IT systems
Mariner Society loyalty program
Holland America systems

This article was created with the assistance of AI technology by Perceptive.
