Within the administrative networks that support modern passenger shipping, Carnival Corporation has been identified as a potential target of a ransomware incident attributed to the hacking collective known as ShinyHunters. The group has asserted that it obtained access to a substantial volume of data, reportedly encompassing approximately 8.7 million records containing personal identifiers such as names and dates of birth, and has issued a threat of disclosure should its demands remain unmet.
The incident is understood to form part of a wider campaign affecting numerous organisations across multiple sectors, with the same group linked to a series of high-profile data breaches in recent years.
Initial detection of the breach arose from irregular activity traced to a single user account within the company’s systems. Following identification, the operator reported that containment measures were implemented without delay, including the termination of unauthorised access pathways and notification of law enforcement authorities.
Company representatives further indicated that data security remains a central concern and that specialist external advisors have been engaged to conduct a detailed assessment of the incident. It was also conveyed that information circulating in unofficial channels may not fully reflect the verified scope of the breach, and that any confirmed compromise of personal data would be addressed in accordance with applicable disclosure requirements, including direct communication with affected individuals.
At the time of reporting, the full extent of the intrusion and the validity of the claims regarding the volume of compromised records remain under examination, with the company continuing its review alongside cybersecurity specialists.