Cruise Operator Carnival Corp Data Breach Occurred Due to Social Engineering
Published
Key Takeaways
- Account Compromise Detected: Carnival Corp identified a breach stemming from an employee account in April.
- Sensitive Data Exposed: The cruise operator intrusion reportedly occurred via social engineering and compromised sensitive personal information.
- Remediation and Response: Carnival engaged third-party experts and offers credit monitoring to victims.
Carnival Corp announced on Wednesday that it had detected a social engineering incident involving a compromised employee account in April. Recent breach notification messages announced that the world’s largest cruise operator's breach resulted in the unauthorized exfiltration of personal information.
Social Engineering Attack Vector and Mitigation
Carnival said the threat actors gained access to the data by utilizing social engineering tactics to deceive an employee, but did not mention the number of affected individuals. “An unauthorized actor used social engineering to deceive an employee to gain access to a limited portion of our company’s IT system,” the company notification message said.
According to the operator, the impacted Carnival Corporation data includes the following personal information:
- name,
- address,
- email address,
- phone number,
- date of birth,
- government-issued identification number (e.g., driver's license number, passport number).
In late April, Carnival Corporation began investigating after ShinyHunters claimed it had stolen 8.7 million records.
On April 24, breach notification service Have I Been Pwned (HIBP) added 7.5 million unique records that appear related to Holland America Line’s Mariner Society loyalty program. The leaked data includes dates of birth, email addresses, genders, geographic locations, loyalty program details, names, and salutations.
Soon after, several former passengers claimed the company failed to adequately protect their personal data, and three separate lawsuits were filed in the U.S. between April 22 and April 24, 2026.
Historical Intrusions Across Cruise Lines
Carnival is currently notifying affected individuals via email where possible, beginning on May 27. The company is offering affected U.S. customers two years of free credit monitoring. Upon detecting the anomaly within its network, Carnival stated that it quickly blocked the unauthorized activity to contain the exposure and hired third-party security experts to conduct a thorough forensic investigation.
This recent breach follows a 2020 Carnival ransomware attack that compromised the personal information of some guests, employees, and crew. That prior incident affected multiple segments of the enterprise, including Carnival Cruise Line, Holland America Line, Princess Cruises, and its medical operations.
In January, Okta SSO accounts were targeted in a vishing campaign using custom Phishing-as-a-Service kits, allegedly carried out by ShinyHunters. The threat actor is known for its social engineering tactics, with one of the most prominent incidents being the 2025 Allianz Life data breach.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular