Carnival Cruise Confirms Breach Impacting Nearly 6M Customers
Carnival Corporation confirmed a data breach after social engineering attackers accessed IT systems on April 10, 2026. ShinyHunters claimed responsibility for stealing over 8.7 million records. The company began notifying 5,995,277 customers of exposed personal information.
- names
- dates-of-birth
- email-addresses
- genders
- locations
- loyalty-program-details
Carnival Corporation has confirmed a data breach that exposed personal information belonging to nearly 6 million customers. The incident, which the company attributes to social engineering attacks on its IT systems, resulted in the unauthorized access and exfiltration of names, dates of birth, email addresses, genders, locations, and loyalty program details.
Public reporting indicates the breach occurred on April 10, 2026, when attackers gained initial access through social engineering tactics. The threat actor group ShinyHunters later claimed responsibility, stating they had stolen more than 8.7 million records. Carnival began notifying the 5,995,277 affected customers in late May 2026. Industry research from sources such as DoxxScan™ continuous monitoring indicates that travel and hospitality sector breaches frequently expose combinations of personal identifiers that are highly useful for identity theft and targeted fraud.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →