Carnival Corporation suffered a data breach affecting 7.5 million records from its Holland America loyalty program after ShinyHunters claimed to obtain and later published the data.
What happened
According to HIBP, in April 2026 the hacking collective ShinyHunters claimed they had obtained a substantial volume of data from Carnival cruise operator and attempted to extort the organization. The group subsequently published the data publicly. Carnival acknowledged a phishing incident involving a single user account and stated they were working to understand the scope of the unauthorized activity.
What was exposed
The breach contained 8.7 million records with 7.5 million unique email addresses. Exposed data included names, email addresses, dates of birth, genders, geographic locations, and loyalty program details related to the Mariner Society program run by Holland America, a Carnival subsidiary.
Who is affected
Approximately 7.5 million individuals with accounts in the Mariner Society loyalty program operated by Holland America, a cruise line brand under Carnival Corporation.
What to do now
Affected individuals should monitor their accounts for suspicious activity and consider changing passwords. Those who received notification from Carnival should follow the company's recommended remediation steps.