verified2026-04-18

CarnivalCarnival breach

carnivalcorp.com · 7,531,359 records compromised

Records
7.53M
Breach date
2026-04-18
Domain
carnivalcorp.com
Data classes
7

Description

In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.

Compromised data classes· 7

Dates of birthEmail addressesGendersGeographic locationsLoyalty program detailsNamesSalutations

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Breach
Amtrak
Breach
Canada Life
Breach
Pitney Bowes
Breach
Vietnam Airlines
Breach
Aman
Breach
Mytheresa
Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.