Last Update: 06/03/2026 at 4:25 AM EST

Carnival Data Breach Fallout

Coverage from Reuters, BleepingComputer, and others

Articles: 54

Latest Article: 06/02

Active Days: 45

Executive Summary

Carnival Corporation is dealing with a confirmed 2026 breach tied to social engineering, compromised account access, and ShinyHunters extortion claims, with millions of customer records, passport data, and loyalty information implicated alongside lawsuits and remediation efforts.


Key Points

  • The strongest signal is a confirmed Carnival breach that began with social engineering against an employee account and led to unauthorized access to internal systems.
  • Reported impact has converged around a large-scale exposure estimate near 6 million affected people, while some earlier claims and secondary reports cited 8.7 million records.
  • The data at issue is mainly identity and travel information: names, addresses, email addresses, phone numbers, dates of birth, passport numbers, driver license numbers, and loyalty-program details.
  • ShinyHunters is the main threat actor tied to the incident, using pay-or-leak style extortion and later publishing or claiming datasets.
  • Carnival's response has centered on account shutdowns, law-enforcement notification, outside forensic review, customer notices, and credit-monitoring offers.
  • The privacy impact is materially amplified by the presence of passport and government ID data, which raises identity-theft and account-takeover risk beyond ordinary contact-data exposure.
  • Litigation has already followed, with class actions alleging inadequate cybersecurity, vague disclosures, and insufficient protection of personal information.

Featured Article

Cision PR Newswire / 05-27-2026
Carnival Corporation issued May 27, 2026 data-breach notifications after April 2026 social engineering compromised an employee account and exposed personal identifiers.

[Chart: Coverage Timeline, 45 days; date axis from Apr 19 to May 31]

Additional Articles

⭐⭐⭐⭐⭐

BleepingComputer / Sergiu Gatlan / 05-28-2026
Carnival Corporation notified nearly 6 million customers in April 2026 after a social-engineering-driven intrusion enabled ShinyHunters-linked data theft and extortion.
Aol / Drew Pittock / 06-02-2026
Carnival Corporation disclosed on May 27 a data breach discovered April 14 in the USA (Maine), involving social engineering and exposure of passenger identity documents.
The Record / Daryna Antoniuk / 05-28-2026
Carnival confirmed in May that a ShinyHunters-linked April attack led to copying passenger passport and driver license data after an employee account compromise.
Aol / 06-01-2026
Carnival Corporation disclosed an April data breach in U.S. customer filings, began May 27 notifications, and partnered with TransUnion for two years of credit monitoring.
Help Net Security / Sinisa Markovic / 05-28-2026
Carnival Corporation disclosed a phishing-driven employee account compromise on April 14, 2026, with Maine breach notification for 5,995,277 people starting May 27.
Holzberg Legal / 04-28-2026
Yvonne Vasquez filed a class action against Carnival Corporation in Florida, alleging a 2026 cybersecurity failure exposed unencrypted personal data for about 8.7 million people.
97.9 The Box / 06-01-2026
Carnival Corporation disclosed April 14 breach impacts on millions, including Texas cruise passengers, after a targeted employee-access attack.
FOX 5 DC / Chris Williams / 05-29-2026
Carnival Corporation began notifying people on May 27, 2026 after an April 14 social-engineering intrusion exposed personal data, offering TransUnion credit monitoring in the U.S.
NeuraCyb Intel / Ashish S / 05-31-2026
Carnival Corporation reported a social-engineering data breach discovered April 14, 2026, with Maine Attorney General notification covering 5,995,277 affected individuals.
WPGA / Jordan Gartner / 05-31-2026
Carnival Corporation reported April 14 unauthorized access via a social-engineered employee account compromise, exposing passport and driver license data and prompting a Maine Attorney General notice for 5,995,277 people.
930 WFMD Free Talk / 05-30-2026
Carnival Corporation disclosed an April data breach tied to social engineering and offered TransUnion credit monitoring after exposure of nearly 6 million customers’ personal data.
The National CIO Review / Emily Hill / 05-28-2026
Carnival Corporation reported April 2026 discovery of a social-engineering-driven breach after attackers accessed internal systems and copied data affecting 5,995,277 individuals.
Malwarebytes / Pieter Arntz / 05-28-2026
Carnival Corporation notified Maine and other audiences in 2026 after an April 2026 intrusion copied personal data from Carnival IT systems.
Lifehacker / 05-29-2026
Carnival Corporation notified Maine-relevant consumers in 2026 after an April network intrusion exposed personal and loyalty data for about 6 million people.
Safestate / 05-28-2026
Carnival Corporation disclosed a 5,995,277-customer data breach beginning April 10, 2026, after social-engineering credential compromise and notifications starting May 27.
Complex / 05-31-2026
Carnival Cruise Line disclosed in the 2020s timeframe that social engineering compromised an employee account in April, exposing names, addresses, and government IDs, with U.S. credit monitoring offered via TransUnion.
Security Affairs / Pierluigi Paganini / 05-28-2026
Carnival Corporation notified Maine and nearly 6 million people after social engineering enabled an employee account compromise and exposure of identity data starting April 14, 2026.
Pluang / 05-28-2026
Carnival Corporation detected an April 14, 2026 social engineering attack exposing personal data for about 5.99 million people, leading to a class action investigation.
USA Today / 06-02-2026
Carnival Corporation disclosed a passenger data breach on May 27 after a social engineering intrusion detected April 14 and customer data exposure determined April 22.
Almeida Law Group / 05-28-2026
Carnival Corporation disclosed a phishing-driven data breach discovered April 14, 2026 and linked to Mariner Society after ShinyHunters extortion, with notifications sent May 27, 2026.

⭐⭐⭐

Reuters / 05-27-2026
Carnival Corp said an April employee-account compromise used social engineering, exposing personal data including government-issued IDs and triggering May 27 notifications and TransUnion credit monitoring.
Morningstar / 06-01-2026
Carnival Corporation disclosed a reported April 2026 data breach affecting nearly 6 million travelers after social engineering targeted employee accounts.
Morningstar / 05-27-2026
Carnival Corporation notified individuals after a May 27, 2026 public disclosure, following an April 14, 2026 incident involving social engineering and unauthorized IT access.
Houston Public Media / Kyle McClenagan / 06-01-2026
Carnival Inc. disclosed an April 14 unauthorized-access breach that the Texas Attorney General says may have exposed personal data for up to 800,060 Texans.
The Register / Carly Page / 04-24-2026
Have I Been Pwned flagged 7.5 million email addresses tied to Carnival Corporation while the company reported a limited phishing compromise.
Insurance Journal / 05-28-2026
Carnival Corp disclosed on May 27 that a compromised employee account in April exposed personal information including government-issued identification numbers, after social engineering access.
Top Class Actions / 05-25-2026
Zachary Pottle filed a Florida federal class action on April 22, 2026, alleging Carnival failed to notify customers after ShinyHunters stole over 8.7 million PII records in a ransomware breach on April 18, 2026.
Claim Depot / 05-28-2026
Carnival Corporation disclosed in 2026 a social-engineering-driven data breach affecting 5.99 million U.S. residents and began California filings and consumer notifications with TransUnion credit monitoring.
WECT / Jordan Gartner / 05-31-2026
Carnival Corporation reported on an April 14 employee-account compromise after possible exposure of traveler passport and driver license numbers.
Benzinga / Ananya Gairola / 05-28-2026
Carnival Corp. reported an April employee-account compromise using social engineering, exposing personal data and leading to May 27 notifications and TransUnion identity protection for U.S. customers.
WBRZ / 05-31-2026
Carnival Corporation reported an April data breach discovered after unauthorized access to an employee account exposed sensitive personal identifiers for nearly six million people.
Cruise Radio / Richard Simms / 04-24-2026
ShinyHunters allegedly accessed Carnival Corporation data and issued a ransom threat, while Carnival reported blocking unauthorized activity and notifying law enforcement.
SRN News / 05-27-2026
Carnival Corp reported an April cybersecurity incident involving a compromised employee account, using social engineering to leak personal information and prompting May 27 TransUnion credit-monitoring offers.
IT CPE Academy / 05-29-2026
Carnival Corporation disclosed a data breach in the U.S. after ShinyHunters claimed access to Mariner Society loyalty data following a phishing compromise detected April 14, 2026.
Lifehacker / 05-29-2026
Carnival Corporation disclosed a consumer data breach to Maine officials after April 10 exposure, notifying about 6 million people starting May 27 and offering TransUnion credit monitoring.
CyberInsider / Alex Lekander / 04-19-2026
ShinyHunters threatened to leak alleged stolen data from Carnival Corporation by April 21, 2026 after Carnival detected suspicious phishing-tied activity on one account.
WHBL / 05-27-2026
Carnival Corp announced May 27 that an April employee-account compromise enabled social engineering, exposing personal data and triggering notification and TransUnion credit monitoring.
ABC13 Houston / 06-01-2026
Carnival Corporation disclosed that an April social-engineering attack led to unauthorized access to passenger passport numbers and dates of birth.
Cruise Hive / Melissa Mayntz / 04-24-2026
Carnival Corporation is investigating an extortion-related data breach claim listed by ShinyHunters after unauthorized activity was detected in a single user account, with a deadline expiring April 21, 2026.
Cruise Hive / Catie Kovelman / 04-30-2026
Between April 22-24, 2026, three plaintiffs filed class-action lawsuits in Florida against Carnival Corporation over an alleged ShinyHunters-linked breach and delayed notification.
Security Magazine / 05-28-2026
Carnival Corporation confirmed a ShinyHunters ransomware data breach in April 2026 after social engineering compromised an employee device, affecting millions of customers.
WTAQ News Talk / 05-27-2026
Carnival Corp reported a May 27 disclosure of an April cybersecurity incident where social engineering enabled unauthorized access to personal data tied to an employee account.
WJXT News4JAX / 06-02-2026
Carnival Corporation notified customers in May 2026 about an April 2026 incident involving employee-account social engineering and offered TransUnion credit monitoring to U.S. customers.
KECI / Laura Freeman / 06-01-2026
Carnival Corporation notified nearly 6 million customers in a data breach announced after an April social engineering attack.
KPRC Click2Houston / 05-31-2026
Carnival Corporation disclosed May 27 that a social-engineering attack in April may have exposed passport and driver's license numbers for some travelers, including Texas cruise passengers.
Yahoo Travel / Helen Hatzis / 06-01-2026
Carnival Corporation disclosed a social engineering intrusion on an unspecified date that exposed passenger dates of birth and passport numbers.
WSMV 4 / Jordan Gartner / 05-31-2026
Carnival Corporation reported an April 14 incident after social engineering compromised an employee account, exposing identity data for 5.99 million people in a Maine Attorney General notice.
ABC7 Bay Area / 06-01-2026
Carnival Corporation disclosed an April data breach after social engineering enabled unauthorized system access, exposing passenger dates of birth and passport numbers.
FOX 9 Minneapolis-St. Paul / Chris Williams / 05-29-2026
Carnival Corporation notified affected individuals beginning May 27 after an April 14 social-engineering attack led to unauthorized access to parts of Carnival IT systems.
LiveNOW from FOX / Chris Williams / 05-29-2026
Carnival Corporation notified potentially affected individuals in May 2026 after an April 14, 2026 social engineering-driven breach exposed personal information including government ID numbers.
WGME / 05-28-2026
Carnival Corporation filed a Maine Attorney General breach notice in connection with unauthorized employee-account activity affecting nearly 10,000 Mainers.
WGME / 05-28-2026
Carnival Corporation notified the Maine Attorney General's Office after unauthorized employee-account activity exposed personal data for nearly 10,000 Mainers.
Holzberg Legal / 04-28-2026
Ashley Cole filed a class action in the Southern District of Florida against Carnival Corporation alleging delayed breach notice after alleged ShinyHunters exfiltration around April 18, 2026.