Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsHospitality & Casinos

6M Impacted by Carnival Cruise Data Breach

By Jordyn Alger, Managing Editor
Cruise
Alonso Reyes via Unsplash
May 28, 2026

Carnival Corporation has confirmed it experienced a data breach after the the ShinyHunters ransomware group claimed responsibility for an attack in April 2026. The incident was caused by a social engineering attack targeting an employee device, enabling the malicious actor to gain access to a portion of the company’s internal IT system.

“The Carnival breach is another reminder that social engineering continues to outperform many traditional security controls,” states Ensar Seker, CISO at SOCRadar. “Threat actors no longer need sophisticated zero-days when they can exploit human trust, impersonation, and operational pressure to gain legitimate access into enterprise environments. In large organizations with distributed workforces and complex third-party ecosystems, a single compromised employee account can quickly become an entry point into sensitive customer environments.”

Approximately 6 million customers have been impacted by the breach. 

“Nearly six million affected individuals means this is no longer just an operational security issue, it becomes a long-term identity and fraud risk problem,” says Seker. 

The organization has not yet confirmed impacted data, but according to an analysis by Have I Been Pwned, a data breach notification platform, compromised data includes but is not limited to: 

  • Names
  • Email addresses
  • Birth dates
  • Genders
  • Loyalty program information 
  • Geographic locations 

The analysis also stated that the compromised data involved 8.7 million records, including 7.5 million unique email addresses. 

“This is Carnival’s second major data breach of the 2020s,” points out Paul Bischoff, Consumer Privacy Advocate at Comparitech. “The company paid a $1.25 million settlement to victims of a 2020 data breach. The perpetrator in that case was never revealed. Carnival says an unauthorized user accessed employee emails and personal info. As part of that settlement, Carnival agreed to strengthen its email security and breach response practices. Clearly, the email security improvements weren’t enough. However, the company did disclose the breach in a much more timely manner this time around. It took nearly 10 months to report the 2020 breach, whereas this one appears to have been disclosed within one month.”

The organization operates nine cruise line brands: 

  • Carnival Cruise Line
  • Costa
  • P&O Australia
  • P&O Cruises
  • Princess Cruises
  • Holland American Line
  • AIDA
  • Cunard
  • Seabourn

It also operates a travel tour company known as Holland America Princess Alaska Tours. 

Currently, the organization is working with third party experts to investigate and bolster security measures. 

KEYWORDS: consumer protection consumer scams data breach identity security social engineering

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordynalger

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Computer and laptop

    1.1M Impacted by Farmers Insurance Data Breach, Security Leaders Discuss

    See More
  • Person using stethoscope on teddy bear

    Florida Pediatric Associates health data impacted by data breach

    See More
  • More Than 100,000 Students Impacted by Washoe County School District, NV Data Breach

    See More

Related Products

See More Products
  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • 9780128147948.jpg

    Effective Security Management, 7th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing