# Carnival Cruise Line Suffers Extensive Data Breach **Carnival Corporation**, a major player in the cruise industry, has confirmed a data breach affecting a staggering 5,995,277 customers. The breach, which occurred on April 10, 2026, was the result of a successful social engineering attack, according to the company's notifications. ## Social Engineering Attack Leads to Data Theft According to **Carnival**, an employee was tricked via social engineering, granting unauthorized access to a portion of the company's IT systems. "On April 14, 2026, the Company's IT security team identified unauthorized activity involving an employee's account. An unauthorized actor used social engineering to deceive an employee to gain access to a limited portion of the Company's IT system," **Carnival** stated in data breach notification letters. The company claims to have acted swiftly to contain the incident and has engaged third-party security experts to investigate and bolster their security posture. ## ShinyHunters Claim Responsibility While **Carnival** has not officially attributed the attack, the notorious **ShinyHunters** cybercrime group has claimed responsibility. They allege to have stolen over 8.7 million records containing personally identifiable information (PII) and terabytes of internal corporate data.  ## Exposed Data Details **Have I Been Pwned** analyzed the leaked data and confirmed that it includes names, dates of birth, email addresses, genders, geographic locations, and loyalty program details. The data appears to be linked to the Mariner Society loyalty program run by **Holland America**, a **Carnival** subsidiary. ## ShinyHunters' Recent Activities **ShinyHunters** has been increasingly active, particularly targeting **Salesforce** customers. They have claimed responsibility for significant data thefts, including the **Salesloft Drift** campaign and the **Salesforce Aura** data theft attacks. ## FBI Advice The **FBI** has advised victims of **ShinyHunters** not to pay any ransom demands, emphasizing that payment does not guarantee the return of stolen data or prevent future extortion attempts. ## Carnival's History of Breaches This is not the first time **Carnival Corporation** has been targeted. The company disclosed previous data breaches in March 2020 and June 2021, which exposed personal and financial information. In August and December 2020, ransomware attacks also resulted in the theft of customer and employee data.