// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / Carnival
Breach Record

Carnival

DISCLOSED 2026-04-18 · STOLEN CREDS · 7,531,359 RECORDS EXPOSED

In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data...

The record

What we know

Disclosed
2026-04-18
Attack vector
Stolen Creds
Records exposed
7,531,359
Domain
carnivalcorp.com
Data classes exposed
Dates of birthEmail addressesGendersGeographic locationsLoyalty program detailsNamesSalutations
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Carnival disclosure. It updates if new public reporting emerges. All tracked breaches →

Carnival just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →