While passengers soak up the sun, hackers take their own cruise through Carnival customers’ data
While passengers soak up the sun, hackers take their own cruise through Carnival customers’ data
Publish Date: 2026-06-01 01:05:00
Source Domain: www.escudodigital.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
A known threat actor has claimed to possess highly sensitive data that would correspond to the cruise giant Carnival.
The company, based in Doral (Florida), has acknowledged the incident, stating that an attacker gained access to a limited part of its IT infrastructure last month after compromising an employee’s account. By the end of April, the firm determined that the hacker had copied personal information from its systems.
Carnival indicates that the stolen data varies by person but includes names, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, and passport numbers. Although the operator has not provided the exact number of affected individuals, a document filed with the Maine Attorney General does clarify: nearly 6 million people have had their information compromised.
“We acted quickly to block the unauthorized activity and immediately began working with external security experts to further strengthen our security and conduct a thorough investigation,” the company stated in a release.
Carnival is one of the largest cruise operators in the world and owns brands such as Princess, Holland America Line, Cunard, and Costa Cruises. The company operates over 90 ships worldwide and transports millions of passengers each year.
The attacker is the dangerous ransomware group ShinyHunters, one of the three members of the well-known ‘evil triad’. In April, the gang attempted to extort the giant and in April released samples of the loot obtained. They originally estimated it at 8.7 million records.
ShinyHunters is known for its data thefts from high-profile corporations. Earlier this year, the FBI warned that hackers linked to ShinyHunters were demanding substantial ransoms from companies after stealing data through vulnerabilities in Salesforce environments. The group also recently claimed responsibility for a security breach at the analytics company Mixpanel.
Other ‘data shipwrecks’
Unfortunately, this is not the first time Carnival has fallen victim to such an incident. In 2019, it revealed a data breach that affected its employees’ email accounts and exposed information of about 180,000 customers and workers. Later, regulators fined it $1.25 million for its poor handling of the incident.
In 2021, they experienced another breach, although much more limited in terms of email accounts.
A known threat actor has claimed to possess highly sensitive data that would correspond to the cruise giant Carnival.
The company, based in Doral (Florida), has acknowledged the incident, stating that an attacker gained access to a limited part of its IT infrastructure last month after compromising an employee’s account. By the end of April, the firm determined that the hacker had copied personal information from its systems.
Carnival indicates that the stolen data varies by person but includes names, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, and passport numbers. Although the operator has not provided the exact number of affected individuals, a document filed with the Maine Attorney General does clarify: nearly 6 million people have had their information compromised.
“We acted quickly to block the unauthorized activity and immediately began working with external security experts to further strengthen our security and conduct a thorough investigation,” the company stated in a release.
Carnival is one of the largest cruise operators in the world and owns brands such as Princess, Holland America Line, Cunard, and Costa Cruises. The company operates over 90 ships worldwide and transports millions of passengers each year.
The attacker is the dangerous ransomware group ShinyHunters, one of the three members of the well-known ‘evil triad’. In April, the gang attempted to extort the giant and in April released samples of the loot obtained. They originally estimated it at 8.7 million records.
ShinyHunters is known for its data thefts from high-profile corporations. Earlier this year, the FBI warned that hackers linked to ShinyHunters were demanding substantial ransoms from companies after stealing data through vulnerabilities in Salesforce environments. The group also recently claimed responsibility for a security breach at the analytics company Mixpanel.
Other ‘data shipwrecks’
Unfortunately, this is not the first time Carnival has fallen victim to such an incident. In 2019, it revealed a data breach that affected its employees’ email accounts and exposed information of about 180,000 customers and workers. Later, regulators fined it $1.25 million for its poor handling of the incident.
In 2021, they experienced another breach, although much more limited in terms of email accounts.
Become a premium member for free!
