Carnival Investigates Potential Data Breach Affecting Millions Of Cruisers

This post may contain affiliate links. If you click one, I may earn a commission at no cost to you. As an Amazon Associate, I earn from qualifying purchases.
You can receive cruise news updates straight to your inbox, so you don't miss a thing! Subscribe here.

Carnival Corporation is investigating a potential cyber attack after a hacking group claimed it had stolen more than 8.7 million records linked to the cruise giant.

Carnival Place, Carnival Corporation and Carnival Cruise Line headquarters in Doral, Florida
Photo: Coolcaesar at English Wikipedia

The group, known as ShinyHunters, has listed Carnival Corporation & plc on a data leak site and says it has obtained a large collection of personal and internal corporate data. The company has not confirmed whether the data is genuine but says it is taking the claim seriously.

If the breach is verified, the records could relate to guests and employees across multiple cruise brands owned by Carnival Corporation.

Carnival Responds To Alleged Breach

Carnival Corporation said it became aware of suspicious online activity involving one user account and acted quickly to shut it down.

A spokesperson for the company said law enforcement has been notified and cybersecurity specialists are now helping to review the situation.

“After detecting unauthorized online activity involving a single user account, we acted quickly to shut it down and block any further unauthorized access and have notified law enforcement.

“Data privacy and protection are extremely important to Carnival Corporation and we’re working closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate.

“If we determine personal information was affected, we will follow all disclosure requirements and communicate directly with any impacted individuals.“

The hacking group reportedly issued a “pay or leak” ultimatum demanding payment in exchange for keeping the information private. The deadline for that threat expired on 21st April 2026.

Millions Of Records Potentially Exposed

Security researchers say the dataset linked to the breach could contain approximately 8.7 million records, including about 7.5 million unique email addresses.

Some early analysis suggests that part of the information may be connected to the Mariner Society loyalty programme operated by Holland America Line, which is one of Carnival Corporation’s cruise brands.

The Holland America Veendam cruise ship, featuring its dark hull and white superstructure, glides by a coastline bathed in the warm glow of the setting sun.

Data involved in breaches like this can vary widely but often includes names, email addresses, booking histories, loyalty programme information and contact details. In more serious cases, financial data or travel documentation details may also be exposed.

Cybersecurity experts have warned that stolen information can sometimes be used in scams, phishing attempts or identity theft.

Part Of Wider Hacking Campaign

The Carnival claims are part of a broader cyber campaign by ShinyHunters targeting dozens of major organisations around the world.

Reports indicate the group recently published data connected to more than 40 companies, including major retail, financial and hospitality brands.

Unlike traditional ransomware groups that lock computer systems, ShinyHunters often focuses on stealing data and threatening to release it publicly if victims refuse to pay.

Previous Cyber Incidents

This would not be the first cybersecurity incident affecting Carnival Corporation. In 2020, Carnival Corporation disclosed a breach that exposed some personal data connected to guests and employees.

The incident resulted in a $1.25 million settlement and prompted the company to introduce additional security measures.

More recently, the company has also dealt with technical issues affecting online systems. In February 2026, guests reported problems accessing parts of Carnival’s website and booking services, while an email system glitch earlier in April sent repeated promotional messages to some customers.

Those issues are not believed to be related to the current investigation.

For now, travellers who have sailed with any Carnival Corporation brand are being advised to remain cautious and monitor their accounts for unusual activity while the company continues its investigation.

Related Posts:

If you found this interesting, please share!


Jenni with Disney Cruise ship at Castaway Cay


Leave a comment