Carnival Cruise confirms data breach affecting nearly 6 million people
Recorded: May 28, 2026, 11 a.m.
| Original | Summarized |
Carnival Cruise confirms data breach affecting nearly 6 million people News Featured Glassworm botnet disrupted after resilient C2 infrastructure takedown CISA gives feds 4 days to patch actively exploited cPanel plugin flaw Windows 11 KB5089573 update released with performance improvements Charter confirms data breach after ShinyHunters extortion threat Carnival Cruise confirms data breach affecting nearly 6 million people Sextortionist sentenced to 33 years for targeting 145 children GPU mining malware spreads via SEO poisoning, AI chatbots This CompTIA IT learning path is only $40 through 6/14 Tutorials Latest How to access the Dark Web using the Tor Browser How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to use the Windows Registry Editor How to backup and restore the Windows Registry How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Webinars Latest Qualys BrowserCheck STOPDecrypter AuroraDecrypter FilesLockerDecrypter AdwCleaner ComboFix RKill Junkware Removal Tool Deals Categories eLearning IT Certification Courses Gear + Gadgets Security VPNs Popular Best VPNs How to change IP address Access the dark web safely Best VPN for YouTube Forums Virus Removal Guides HomeNewsSecurityCarnival Cruise confirms data breach affecting nearly 6 million people Carnival Cruise confirms data breach affecting nearly 6 million people By Sergiu Gatlan May 28, 2026 Carnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026. Carnival on ShinyHunters leak site (BleepingComputer) The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate. Related Articles: Breach Sergiu Gatlan Previous Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Upcoming Webinar Popular Stories FBI warns of Kali365 phishing service targeting Microsoft 365 accounts Anthropic’s restricted Claude Mythos model may be coming to Claude Code Microsoft Defender can now automatically isolate hacked endpoints Sponsor Posts Protect Your Business from Ecommerce Fraud Overdue a password health-check? Audit your Active Directory for free 33% Rise in Healthcare Credential Theft in 2025: What you need to know AI is a data-breach time bomb: Read the new report Upcoming Webinar Follow us: Main Sections News Community Forums Useful Resources Welcome Guide Company About BleepingComputer Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... |
Carnival Corporation, the world's largest cruise line operator, confirmed a significant data breach in April 2026, following an extortion threat by the ShinyHunters cybercrime group. This incident reportedly affected nearly six million individuals. The breach originated when threat actors successfully gained access to some of the company's IT systems through a social engineering attack targeting an employee account. The company’s IT security team identified unauthorized activity involving an employee's account on April 14, 2026, and subsequently determined that a bad actor had illegally copied personal information on April 22, 2026, after the company worked with third-party security experts to investigate the unauthorized activity. The ShinyHunters cybercrime group subsequently claimed responsibility for the breach, asserting that they stole documents containing over eight point seven million records of personally identifiable information and terabytes of internal corporate data. Analysis conducted by the data breach notification service Have I Been Pwned revealed that the exposed data included sensitive details such as names, dates of birth, email addresses, genders, geographic locations, and loyalty program details associated with the Mariner Society loyalty program, which is operated by Holland America, a cruise line brand under Carnival. In addition to the specific breach, the context of data security at Carnival involves prior incidents; the corporation had previously disclosed data breaches in March 2020 and June 2021, which involved the exposure of personal and financial information belonging to customers, employees, and crew after threat actors accessed employee email accounts. Furthermore, ransomware gangs also successfully stole the personal information of Carnival customers and employees after breaching the company's systems in August and December 2020. The FBI had previously advised ShinyHunters' victims not to comply with ransom demands, warning that payment does not guarantee the threat actors will cease extortion or refrain from selling the stolen data to other cybercriminals. This case highlights the ongoing challenges in validating security controls, as automated penetration testing tools are designed to answer singular questions about network movement rather than comprehensive validation of threat blocking, detection rules, or cloud configurations. |