Carnival Corporation says attackers stole customer data after socially engineering an employee and accessing part of its IT systems, affecting 5,995,277 people. The company says the intrusion was identified on April 14, 2026 and data theft was confirmed on April 22; ShinyHunters had claimed the breach in April and said it stole millions of records. Exposed data reportedly includes names, dates of birth, email addresses, gender, location, and loyalty-program details tied to Holland America's Mariner Society.
Why it matters: This is a major consumer data breach involving sensitive personal information that could fuel phishing, impersonation, and account-targeting scams. Affected customers should watch for breach notices, be cautious of unsolicited calls or emails referencing cruises or loyalty programs, and change passwords anywhere they were reused.
Ionut Arghire
2026.05.28
99% relevant
This is the same underlying Carnival breach: it adds the formal disclosure that 5,995,277 people were affected, says the intrusion was identified April 14 after social engineering compromised an employee account, and specifies categories of stolen personal data and the company's notification and credit-monitoring response.
2026.05.28
99% relevant
This article is the same underlying event: Carnival's confirmation that an April compromise of an employee account led to theft of customer data later claimed by ShinyHunters. It adds that the company says copied data includes names, contact details, dates of birth, driver's license numbers, and passport numbers, and cites the Maine filing showing nearly 6 million affected individuals.
2026.05.28
99% relevant
This article is the same underlying event: Carnival's April 14, 2026 social-engineering breach attributed to ShinyHunters. It adds that Carnival's Maine filing lists just under 6 million affected individuals, confirms stolen data types including names, addresses, email addresses, phone numbers, dates of birth, and state identification numbers, and notes that breach notices and two years of credit monitoring are being sent.
Sergiu Gatlan
2026.05.28
100% relevant
This article appears to be the first concrete confirmation and scope disclosure for Carnival's April 2026 breach, tying the incident to a social-engineering attack and a nearly 6 million-person impact.
← Back to all stories