Carnival confirms ShinyHunters cruised off with 6M customer records after April breach

Carnival Corporation, the world's largest cruise operator, has confirmed a major data breach in which approximately six million customer records were stolen. The breach occurred on April 14, when an employee fell victim to a social engineering attack, allowing hackers to gain unauthorized access to the company's systems. Although Carnival declined to comment on the identity of the hacking group, it is believed to be the work of ShinyHunters, which had previously claimed responsibility for the breach. The compromised data likely includes sensitive customer information, posing a significant risk to those affected. A company filing with the Maine attorney general's office revealed the scope of the breach, which is lower than the initial estimate of 8.7 million records reported by Have I Been Pwned¹. This breach matters to cybersecurity practitioners because it highlights the ongoing threat of social engineering attacks and the need for robust employee training and security measures to prevent such incidents.