Carnival Cruise confirms data breach affecting nearly 6 million people

Executive summary: Carnival Corporation disclosed an April 2026 data breach affecting nearly 6 million customers after an attacker used social engineering to access an employee account and copy personal information; the ShinyHunters extortion group claimed responsibility and published records including names, dates of birth, emails, genders, locations and loyalty program details, and third-party analysis corroborated the presence of Mariner Society loyalty data.