Data Breach at Carnival Cruises: Millions of Passengers Affected

The notorious hacker group "ShinyHunters" is responsible for the theft. They used a method called social engineering to specifically deceive an employee and obtain their login credentials. The criminals' loot is highly sensitive: in addition to names, addresses, and birth dates, they also got their hands on passport numbers, driver's licenses, and information regarding loyalty programs (such as the Mariner Society). Such detailed profiles are extremely valuable on the darknet and serve as the perfect tool for identity theft.

Carnival is facing intense criticism for taking 43 days to inform the public and the affected holidaymakers about the incident on May 27. The company justified this delay by citing the complex forensic investigation of the data streams. Nevertheless, this hesitation is already having far-reaching consequences: a wave of class-action lawsuits is hitting the company in the US. Because Carnival already struggled with similar security breaches in 2019, 2020, and 2021, lawyers are now accusing the company of gross negligence.

For the affected guests, this incident means one thing above all: extreme caution. Although Carnival is offering adult victims 24 months of free credit monitoring through the service provider TransUnion, the main burden of prevention lies with the passengers themselves. Anyone who has received a notification from the cruise giant should be extremely vigilant in the near future, keep a close eye on bank accounts, and immediately become skeptical of suspicious emails or phone calls. After all, stolen ID data doesn't have an expiration date.