If you’ve ever been on a cruise, there’s a good chance your personal information was just exposed in a major data breach. Carnival Corporation—the largest cruise line operator in the world—is alerting consumers of a recent hack affecting 6 million people. The incident has been claimed by the ShinyHunters hacking group, which has targeted hundreds of companies in recent years, including Canvas and TransUnion.
Carnival Corporation operates a fleet of more than 90 ships across nine cruise lines: Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and Seabourn. Approximately 13.5 million people traveled with Carnival in 2025.
What happened with the Carnival Cruise data breach?
According to a data breach notice filed with the Maine attorney general, Carnival Corporation discovered “unauthorized activity” on its network on April 14. Threat actors used social engineering to gain access via an employee’s account and copy personal information. The stolen data appear to include names, dates, of birth, email addresses, genders, geographic locations, and loyalty program information. The breach itself occurred on April 10, and the company confirmed that personal information had been exposed on April 22.
As BleepingComputer reports, Carnival has disclosed numerous other cyber incidents in recent years that compromised the personal information of customers, employees, and crew members.
What do you think so far?