Carnival
What was exposed
Dates of birthEmail addressesGendersGeographic locationsLoyalty program detailsNamesSalutations
What to do if you were affected
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
- Be wary of targeted scams that use your personal details to sound convincing.
Details
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
Frequently asked questions
What is the Carnival data breach?
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week,...
When did the data breach happen?
This data breach occurred around April 2026.
How many accounts were affected?
Around 7,531,359 accounts were affected.
What information was exposed?
Exposed data included Dates of birth, Email addresses, Genders, Geographic locations, Loyalty program details, Names and Salutations.
What should I do if I was affected?
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Be wary of targeted scams that use your personal details to sound convincing.
Related breaches