Carnival: Social-engineering breach exposed data of 6 million

Carnival Corp. reported a social-engineering attack that led to unauthorized access on April 22 and copying of personal data for 5,995,277 people, per a May 27 notice.

Carnival Corp. filed a data-breach notice in Maine, dated May 27, reporting that an attacker used social engineering on April 14 to trick an employee into granting access. The intruder then used a compromised account on April 22 to access a limited portion of the company’s internal systems and copied files containing personal information for 5,995,277 people before the activity was blocked.

The filing notes Carnival engaged third-party cybersecurity experts and intervened to stop the intrusion. Letters to affected individuals are dated May 27. The notice does not disclose the full categories of data for every person.

Security researchers who reviewed the stolen material found records that appear to include full names, email addresses, dates of birth, genders, Mariner Society membership status and tier, and internal customer identifiers. Carnival’s template notification includes the placeholder “We have determined that your <<data elements>> were obtained,” indicating the company is specifying which fields apply to each recipient.

An extortion group calling itself ShinyHunters claimed responsibility and posted an offer to make the data available for download. The notice offers a complimentary 24-month credit monitoring package through TransUnion’s MyTrueIdentity and fraud assistance from CyberScout.

Passenger records for cruise lines can include identity, contact and payment information that fraudsters can use for identity theft, targeted phishing and other fraud. Carnival reported four cybersecurity events to the New York Department of Financial Services between 2019 and 2021, including two ransomware attacks and a phishing incident that involved malware and resulted in stolen customer and employee information. Past breaches affecting cruise lines have contained passport numbers, health information, payment details, Social Security numbers and credit card data.

Carnival and its investigators are continuing to review the incident and notify individuals whose information was copied.
