
ShinyHunters confirms theft of 6 million Carnival customer records after April breach

Image: A hooded figure representing the cybercriminal threat behind the Carnival data breach. (Credit: rawpixel.com)
Carnival Corporation confirms nearly 6 million customers had personal data stolen in an April breach claimed by ShinyHunters. Passport numbers and license details were exposed.

Carnival kept quiet for six weeks. Now it has confirmed the obvious: ShinyHunters walked off with personal data belonging to nearly 6 million customers after an April breach, and the group had already been leaking it online.

The attack was swift. On April 14, Carnival's security team spotted something wrong with a single employee account. A social engineering call was all it took to get inside. By April 22, internal investigators confirmed the attacker had already copied the data and left.

What was stolen

The stolen records vary by individual but confirmed categories include names, home addresses, email addresses, phone numbers, dates of birth, driver's license numbers, and passport numbers. Carnival's filing with Maine's attorney general puts the affected count at just under 6 million. ShinyHunters listed 8.7 million records on its leak portal in late April, a figure that includes data tied to the Mariner Society loyalty program run by Holland America Line. Have I Been Pwned confirmed the dataset. Carnival declined to pay. The data went public.

A repeat offender with a repeat target

Carnival has been here before. A 2019 breach exposed data belonging to roughly 180,000 customers and employees and ended with a $1.25 million regulatory fine. A second incident followed in 2021. The company's notification letters for this breach went out on May 27, six weeks after the intrusion began.

ShinyHunters does not slow down. The group has torn through a string of major targets in 2026 alone, hitting companies with the same playbook each time: get in through a person, grab the data, demand payment, publish if ignored. The FBI flagged the pattern earlier this year after the group targeted companies through compromises of Salesforce environments. ADT and Mixpanel were hit in the same campaign window.

US residents confirmed as affected are being offered two years of complimentary credit monitoring through TransUnion. Carnival says it has strengthened security controls following the incident.

Darryl Linington, 2026-06-01 (Update: 2026-06-01)