Cruise Hospitality Center – Cruise Ship Operations & Hospitality Management Training

The extortion group ShinyHunters has listed Carnival Corporation & plc on a damaging portal, claiming to have stolen more than 8.7 million records that include personal data and internal corporate data.

While the leak has not been confirmed as legitimate, the threat is being taken seriously, and the corporation is investigating the potential breach.

According to CyberInsider, Carnival Corporation has not discussed what type of data has potentially been impacted, and it is not known if any customer data could be affected.

“We acted quickly to block unauthorized activity following a phishing incident involving a single user account,” the corporation confirmed. “We’re working with top global security experts to better understand the scope of the activity. These kinds of scams are rising for all companies, and we continue strengthening our security to defend against them.”

Carnival Corporation has not provided any further information on the mechanism by which a breach may have occurred or whether or not any additional threats have been made by ShinyHunters. The initial “Pay or Leak” threat expired on Tuesday, April 21, 2026.

At that time, the extortion group claimed the data would be released publicly if their demands were not met, potentially exposing millions of cruise guests and corporation employees to identity theft, bank account breaches, and other problems.

If customer data has been leaked, it could include details from any of the cruise brands in the Carnival family, including Carnival Cruise Line, Holland America Line, Princess Cruises, Costa Cruises, P&O Cruises, and more.

Types of information that might be included in such a breach could be anything from guest names and booking histories to credit card and banking information, current sailing reservations, addresses, emails, loyalty program accounts, passport data, birthdates, passwords, phone numbers, and more.

Internal data might include details on corporate discussions, payroll activities, employee information, and similar data.

Carnival Cruise Line and other lines are not without a variety of tech difficulties. Cruise Hive reported on widespread disruptions to Carnival’s online operations in February 2026, and earlier this month, an email glitch flooded some guests with dozens of identical cruise offer emails.

Neither of those previous events appears to be in any way related to a data breach of any sort.

Should Cruise Guests Be Concerned?

While any potential data breach is concerning, many experienced cruise guests are not taking this particular threat seriously.

In a Reddit discussion about the breach, commenters noted that data breaches occur frequently from a wide range of sources, and this is likely no different.

“Thanks to breaches like this my credit monitoring will be again extended for free. This should put the expiration out to 4/20/3272,” one person quipped.

“Can they release everything they have on casino deals? I want to see the formula for how they decide who gets which deals,” another asked.

Nevertheless, savvy guests who have sailed with any of the Carnival Corporation brands in the past will want to keep an eye on their sensitive data. This should include noting any suspicious activity on credit cards or digital accounts, as well as taking steps to protect their personal passwords.

This would not be the first time data from Carnival Cruise Line has been breached. In August 2020, a breach exposed a variety of personal data, though suspicious activity had been noted as early as May 2019. Eventually, the cruise line had to settle a $1.25 million dollar fine and take steps to strengthen its electronic security.

Should this most recent breach be found to be genuine, Carnival Corporation would likely reach out to potentially impacted guests with further information and any necessary next steps.

Carnival Probes Alleged Data Breach Involving 8.7 Million Records

Uncategorized