Carnival Corporation investigates suspected ransomware attack potentially affecting millions of records

Carnival Corporation, one of the world’s largest cruise operators, is investigating a suspected ransomware attack that may have exposed up to 8.7 million customer and internal records, including names, dates of birth and other sensitive personal information.

The incident was detected after unauthorized online activity was identified within a single user account. The company moved to contain the breach by shutting down the affected account, blocking further access and notifying law enforcement authorities.

Carnival Corporation operates a global portfolio of cruise brands and serves millions of passengers annually. The company has not confirmed whether any customer or employee data was compromised but stated that a detailed review is underway.

“Data privacy and protection are extremely important to Carnival Corporation, and we are working closely with trusted global security experts to conduct a thorough assessment of the situation,” the company said in a statement. It added that anonymous claims circulating online may not fully reflect the facts and that any confirmed data exposure will be disclosed in accordance with regulatory requirements, with direct communication to affected individuals.

Meanwhile, the hacking group ShinyHunters has claimed responsibility for the attack, stating that it has obtained data linked to Carnival Corporation as part of a broader campaign affecting approximately 40 organizations. The group has threatened to release the data publicly if its demands are not met.

The alleged dataset includes personally identifiable information tied to customers as well as internal corporate data. The scope and authenticity of the data remain under investigation.

ShinyHunters is a cybercrime and extortion group known for carrying out large-scale data breaches targeting major corporations and institutions. Previous incidents attributed to the group have involved technology companies, retailers and academic organizations. Recent targets linked to the group include global brands across retail and consumer sectors, reflecting a pattern of attacks focused on high-value datasets containing personal and commercial information.