Carnival Corporation has confirmed a major cybersecurity breach that affected nearly 6 million people connected to the company. The incident was discovered in April 2026 after hackers gained unauthorized access to part of the company’s internal systems. According to the company, the attack happened through a social engineering method where employees were tricked into giving access. Carnival quickly started an investigation after detecting suspicious activity on April 14.

The company said attackers managed to enter its systems through a compromised employee account. After gaining access, hackers were able to view sensitive customer information stored inside company databases. Carnival later confirmed that personal data belonging to millions of people may have been exposed during the incident. Cybersecurity experts were immediately brought in to help investigate the full impact of the breach.

Reports say the exposed information may include names, email addresses, phone numbers, home addresses, and dates of birth. Some records may have also contained passport details, driver’s license information, and loyalty program data. Carnival has not publicly confirmed exactly how much information was leaked online after the attack. However, the company admitted that unauthorized access did occur and customer information was exposed.

Carnival Corporation operates several famous cruise brands across the world and serves millions of passengers every year. Its brands include Carnival Cruise Line, Princess Cruises, Holland America Line, Cunard, Costa Cruises, and Seabourn. The company runs more than 90 cruise ships globally and handles large amounts of customer data regularly. Because of its size, the breach has become one of the largest travel industry cyber incidents this year.

Cybersecurity researchers linked the attack to the hacking group known as “ShinyHunters.” The group has previously been connected to several large-scale data breaches involving global companies and online platforms. Reports claimed that millions of Carnival customer records were leaked online following the cyberattack. The hackers reportedly targeted company systems after gaining access through manipulated employee credentials.

After discovering the breach, Carnival said it immediately blocked unauthorized access to its systems. The company also strengthened security controls and increased monitoring across its network to prevent further attacks. Affected individuals are now being informed about the incident as part of the company’s response process. In some areas, users are also being offered credit monitoring and identity protection services.

Security experts say this attack highlights the growing danger of social engineering and phishing attacks. Instead of directly hacking systems using advanced software, criminals often target employees through fake emails or login pages. Once an employee account is compromised, attackers can move through company systems and steal important information. Experts believe businesses must improve employee awareness along with technical cybersecurity protections.

Users affected by the breach are being advised to stay alert for suspicious activity and possible scam attempts. Experts recommend changing passwords linked to cruise accounts and enabling two-factor authentication wherever possible. People should also watch for phishing emails or fake calls pretending to come from Carnival or financial institutions. The investigation into the incident is still ongoing as cybersecurity teams continue examining the full extent of the breach.