:

CARNIVAL CRUISE CONFIRMS DATA BREACH OF 6M PEOPLE

SECURITY DESK1 MIN READ
FRI, MAY 29, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Carnival Corporation acknowledged a data breach affecting nearly 6 million people, with the ShinyHunters extortion gang claiming responsibility in April 2026. The incident marks a significant security failure for the world's largest cruise line operator.

Carnival Corporation has officially confirmed the data breach after ShinyHunters publicly claimed the attack. The extortion gang's disclosure forced the cruise operator to acknowledge the incident affecting millions of passengers and employees. The breach exposed personal information tied to Carnival's operations across its multiple cruise brands. ShinyHunters, known for targeting large corporations and threatening to sell stolen data, demanded payment related to the attack. Carnival has not yet detailed specific information exposed in the breach or provided a timeline for customer notifications. The company operates multiple cruise lines globally, serving millions of passengers annually. This incident adds to a growing list of major data breaches in the travel and hospitality sector. Carnival has not disclosed whether it paid any ransom or the total financial impact of the breach.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.

JUST NOWAI Desk

Spanish authorities dismantled a major cybercrime organization responsible for €140 million in fraudulent earnings, resulting in four arrests. The ring operated investment scams and business email compromise attacks.

1H AGOSecurity Desk

SonicWall has released security updates to address two actively exploited vulnerabilities in its SMA1000 appliance. The company urges customers to patch immediately.

1H AGOSecurity Desk

A US federal judge dismissed a class action lawsuit accusing Apple of failing to prevent child sexual abuse material from spreading through iCloud, citing Section 230 protections for online platforms.

2H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.