Carnival cruise line confirmed as latest ShinyHunters victim | Computer Weekly

Carnival cruise line confirmed as latest ShinyHunters victim | Computer Weekly

Briefly

"Carnival Corporation, the world's largest cruise ship operator, has confirmed an extensive data breach in the wake of an April 2026 system compromise claimed by the now-infamous ShinyHunters cyber gang. As is typical of incidents attributed to ShinyHunters, the attack appears to have stemmed from inside Carnival's supply chain, involving a successful phishing attempt against a third-party account with access to the victims' systems."

"According to HaveIBeenPwned, this enabled the hackers to steal almost millions of data records linked to holidaymakers who had voyaged with Carnival's Holland America brand, including names, dates of birth, gender and loyalty programme status. Carnival has now added contact details and driving licence and passport data to this list. Almost six million individuals are thought to be affected."

"In a disclosure notice, the company claimed: "Carnival Corporation values the trust you place in us, and we take the privacy and security of your information very seriously ... We deeply regret this incident and any concern it may cause, and have sent notification letters to individuals whose data was impacted.""

""In addition to the comprehensive security measures our company had in place prior to the incident, we have taken steps to further safeguard our systems, including enhancing our security and monitoring controls," said Carnival, which has also committed to offering affected US residents two years of free credit monitoring services. "Our company will continue to advance our IT security and data privacy controls to stay ahead of an ever-evolving threat landscape," the firm added."