At a glance: A social engineering attack on an employee in April enabled unauthorized access to customer data from nearly 6 million people at Carnival Corporation, including passport and driver’s license numbers.
Cruise operator Carnival Corporation (operator of AIDA, Costa, Cunard and other shipping companies) has acknowledged a data security incident in which unauthorized access to 5,995,277 customer records was possible. The access occurred in April through a social engineering attack on an employee account.
According to Carnival, the data breach was triggered by a social engineering attack in which an employee was manipulated to grant attackers access to the IT system. The company detected the unauthorized activity immediately, stopped it, and engaged external security experts and law enforcement authorities.
Names, email addresses, phone numbers, dates of birth, and driver’s license and passport numbers were compromised. Carnival stated that the analysis is not yet complete. The company notified affected individuals by letter and also published a notice on its website, as some individuals could not be reached by mail.
As a protective measure, Carnival is providing affected individuals with two years of complimentary credit monitoring through TransUnion and recommends regular review of account statements and credit reports. According to the company’s public statements, it refrained from an immediate public notice to avoid misunderstandings during the investigation of the scope and consequences of the incident.
In online forums, customers are expressing discontent: they criticize both the time delay until notification and the limited compensation offer, while some users point to unconfirmed reports that stolen data has been published on the darknet. The group ShinyHunters claimed responsibility for the attack; Carnival has not officially commented on this claim.
Source: www.it-daily.net · Published June 3, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.