Carnival Corporation is investigating a potential cyber attack after a hacking group claimed it had stolen more than 8.7 million records linked to the cruise giant.
The group, known as ShinyHunters, has listed Carnival Corporation & plc on a data leak site and says it has obtained a large collection of personal and internal corporate data. The company has not confirmed whether the data is genuine but says it is taking the claim seriously.
If the breach is verified, the records could relate to guests and employees across multiple cruise brands owned by Carnival Corporation.
Carnival Responds To Alleged Breach
Carnival Corporation said it became aware of suspicious online activity involving one user account and acted quickly to shut it down.
A spokesperson for the company said law enforcement has been notified and cybersecurity specialists are now helping to review the situation.
“After detecting unauthorized online activity involving a single user account, we acted quickly to shut it down and block any further unauthorized access and have notified law enforcement.
“Data privacy and protection are extremely important to Carnival Corporation and we’re working closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate.
“If we determine personal information was affected, we will follow all disclosure requirements and communicate directly with any impacted individuals.“
The hacking group reportedly issued a “pay or leak” ultimatum demanding payment in exchange for keeping the information private. The deadline for that threat expired on 21st April 2026.
Millions Of Records Potentially Exposed
Security researchers say the dataset linked to the breach could contain approximately 8.7 million records, including about 7.5 million unique email addresses.
Some early analysis suggests that part of the information may be connected to the Mariner Society loyalty programme operated by Holland America Line, which is one of Carnival Corporation’s cruise brands.
Data involved in breaches like this can vary widely but often includes names, email addresses, booking histories, loyalty programme information and contact details. In more serious cases, financial data or travel documentation details may also be exposed.
Cybersecurity experts have warned that stolen information can sometimes be used in scams, phishing attempts or identity theft.
Part Of Wider Hacking Campaign
The Carnival claims are part of a broader cyber campaign by ShinyHunters targeting dozens of major organisations around the world.
Reports indicate the group recently published data connected to more than 40 companies, including major retail, financial and hospitality brands.
Unlike traditional ransomware groups that lock computer systems, ShinyHunters often focuses on stealing data and threatening to release it publicly if victims refuse to pay.
Previous Cyber Incidents
This would not be the first cybersecurity incident affecting Carnival Corporation. In 2020, Carnival Corporation disclosed a breach that exposed some personal data connected to guests and employees.
The incident resulted in a $1.25 million settlement and prompted the company to introduce additional security measures.
More recently, the company has also dealt with technical issues affecting online systems. In February 2026, guests reported problems accessing parts of Carnival’s website and booking services, while an email system glitch earlier in April sent repeated promotional messages to some customers.
Those issues are not believed to be related to the current investigation.
For now, travellers who have sailed with any Carnival Corporation brand are being advised to remain cautious and monitor their accounts for unusual activity while the company continues its investigation.
Related Posts:
If you found this interesting, please share!
A crew member from Norwegian Cruise Line’s Norwegian Breakaway has gone overboard off the coast of Massachusetts while the ship was returning from a cruise to Bermuda. The incident happened…
P&O Cruises has confirmed that comedian Jason Manford will bring his touring Manford’s Comedy Club concept on board two of its newest ships for a limited run of sailings in…
A travel agent named Iona is preparing to marry on P&O Cruises’ ship Iona after a recent visit on board convinced her it was the perfect venue for her wedding….
Oceania Cruises has announced plans to relaunch Oceania Nautica as Oceania Aurelia in late 2027, with the 25-year-old ship to be extensively reworked under the line’s OceaniaNEXT programme and positioned…
Source link
