Cybercriminals sail away with data from 6 million Carnival customers

On April 14, 2026 Carnival Corporation detected unauthorized access to an employee account via social engineering; the ShinyHunters group later claimed to have stolen millions of customer records (allegedly 8.7M, Carnival reported ~5.99M affected) including names, dates of birth, email addresses and loyalty program data. Carnival is notifying affected individuals, offering two years of TransUnion credit monitoring for eligible U.S. residents, and has said it is enhancing security and monitoring controls as it investigates.