A new Carnival data breach affected nearly 6 million people after attackers used social engineering to access company systems. Here’s what happened, what data may have been leaked, and how you can better protect yourself.
Table of Contents
What Happened?
Carnival said the attack began when a hacker used social engineering (manipulating employees into giving access) against a company worker. The attacker gained access to an employee account on April 14, 2026, and later accessed a limited part of Carnival’s internal systems.
The company discovered that files containing personal information were copied before access was blocked. A data breach notice filed in Maine said 5,995,277 people were affected.
The cybercriminal group ShinyHunters later claimed responsibility for the attack. The group is known for stealing company data and demanding ransom payments in exchange for not publishing it online.
What Information Was Leaked?
Carnival said the leaked information may vary by person because different customers shared different details over time. The company did not publish a complete list of affected data fields.
Researchers cited in the report said the stolen data appears to include:
- Full names
- Email addresses
- Dates of birth
- Gender information
- Mariner Society membership details
- Internal customer identification numbers
The report also noted that previous Carnival-related breaches included passport numbers, payment details, health information, addresses, and other personal records. Carnival has not confirmed whether all of that information was leaked in this 2026 attack.
Futureproof monitors your information for data leaks 24/7 and guides you with clear steps to keep it safer from scams.
Run a free checkData breaches can continue causing problems long after the headlines disappear. Scammers often use leaked information in phishing emails, fake customer support calls, identity theft attempts, or impersonation scams.
Many people also do not realize their information was leaked until suspicious activity appears later.
If you are not sure whether your information was leaked somewhere online, checking regularly can help you spot problems earlier.
With Futureproof, you can quickly check whether your email appeared in known data breaches and get simple steps to secure your account.
At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
