## Carnival Confirms Massive Data Breach **Carnival**, one of the world's largest cruise operators, disclosed on Wednesday that hackers successfully stole personal information from its systems after compromising an employee account in April. The breach, attributed to the **ShinyHunters** hacking group, has potentially exposed the data of nearly 6 million individuals. According to **Carnival**, the threat actors gained access to a limited portion of their IT environment and copied personal information. The stolen data includes: * Names * Addresses * Email Addresses * Phone Numbers * Dates of Birth * Driver's License Numbers * Passport Numbers The company filed a notice with Maine's attorney general's office indicating the scope of the breach. ## ShinyHunters' Extortion Attempt In April, **ShinyHunters** claimed to have exfiltrated a large volume of **Carnival** data and attempted to extort the company to prevent its publication. The group eventually released what they claimed were 8.7 million records on their leak site, including data allegedly tied to the Mariner Society loyalty program operated by **Holland America Line**, one of **Carnival's** cruise brands. **Carnival** acknowledged a phishing incident involving a single user account at the time and stated they were investigating the extent of the unauthorized activity. However, the company has not explicitly attributed the attack to **ShinyHunters** in their public statements. ## Carnival's Response and History of Breaches **Carnival** stated that they acted swiftly to block the unauthorized activity and are working with third-party security experts to strengthen their security posture and conduct a thorough investigation. This isn't **Carnival's** first encounter with data breaches. In 2019, the company disclosed a breach involving employee email accounts that exposed information belonging to approximately 180,000 customers and employees. Regulators later fined **Carnival** $1.25 million for their handling of the incident. Another breach was reported in 2021 involving unauthorized access to a limited number of email accounts. ## ShinyHunters' Reputation **ShinyHunters** is a well-known hacking group infamous for high-profile data theft and extortion campaigns targeting large organizations. The **FBI** issued a warning earlier this year about hackers linked to **ShinyHunters** demanding substantial ransom payments from companies after stealing data through compromises involving **Salesforce** environments. The group has also recently claimed responsibility for a breach at analytics company **Mixpanel**.