Hospitality & Travel / Cruise Lines / Enterprise / Consumer
World's largest cruise operator, parent of Carnival, Holland America, Princess and other lines.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In April 2026 ShinyHunters used social engineering against a Carnival employee account and exfiltrated loyalty-program data, publishing about 8.7 million records with 7.5 million unique email addresses (names, dates of birth, gender and loyalty status). Carnival notified roughly 6 million people; some reporting cites passport, driver's-license and address data copied during the intrusion.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
7.5M rows records analyzed
Carnival Corporation & plc is the world's largest cruise company, operating multiple cruise lines and loyalty programs serving millions of passengers globally.
A cruise operator holds passenger identity and contact data, dates of birth, loyalty-program status, and for a subset government identifiers and payment data collected for booking and boarding.
Carnival continues to operate. In April 2026 it was hit in the ShinyHunters social-engineering wave; this followed an earlier, unrelated 2019-2020 email-account breach that led to a 2022 multistate settlement.
Carnival faced multistate breach notification, litigation, and reputational exposure across its cruise brands, with the Salesforce-adjacent social-engineering pathway echoing the wider 2026 campaign.
A travel or hospitality breach: itinerary, loyalty and contact data supports pattern-of-life inference and travel-themed phishing. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Motivation: Financial extortion, data sale
A prolific data theft and extortion group that began as a database theft and resale actor and evolved toward SaaS-focused extortion. Recent activity involves vishing, credential harvesting, SSO compromise, and theft of customer data from cloud and SaaS environments.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation