carnivalcorp.com data breach

carnivalcorp.com

What Happened

In April 2026, Carnival Corporation (carnivalcorp.com), the world’s largest cruise operator based in Florida, suffered a data breach claimed by the hacking group ShinyHunters, who gained access via a phishing attack on a single user account in what the company described as a supply-chain incident. The breach exposed approximately 8.7 million records—including 7.5 million unique email addresses—primarily from the Mariner Society loyalty program of its subsidiary Holland America Line, containing names, dates of birth, genders, loyalty status details, and potentially terabytes of internal corporate data, which ShinyHunters published online after extortion attempts failed. Discovered on April 20, 2026, Carnival quickly contained the unauthorized activity, notified law enforcement, and is investigating with security experts while committing to notify affected individuals if personal data is confirmed compromised, though the full scope remains under review.

Compromised Assets

  • email
  • full name
  • phone

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches