Unprecedented Data Breach at Carnival Corporation Affects Nearly 6 Million Cruise Passengers
Carnival Corporation has begun notifying close to 6 million passengers about a significant cybersecurity incident that took place in April 2026. This breach, which impacted customers of Carnival Cruise Line, Princess Cruises, Holland America Line, and Seabourn, stands as one of the most extensive data breaches in the history of the cruise industry.
The cyberattack was launched on April 14, employing a social engineering method aimed at an employee account. The hackers managed to gain unauthorized access to the corporate systems and remained active until April 22. During this period, they extracted sensitive data, including:
- Names
- Addresses
- Dates of birth
- Email addresses
- Phone numbers
- Driver’s license details
- Passport information
- Loyalty program records, particularly from Holland America Line’s Mariner Society program
The infamous hacking group ShinyHunters has taken responsibility for the breach. They claim to have stolen over 8.7 million customer records and made the data publicly accessible in late April. In response, Carnival has sought the expertise of external cybersecurity professionals and has implemented strengthened authentication procedures and enhanced monitoring systems.
To support the affected customers, the company is offering complimentary 24-month credit monitoring through TransUnion MyTrueIdentity, along with fraud resolution support.
Source: Travel and Tour World