THU 02 JUL 2026 · GMT EDITION A WHITESTONE INTELLIGENCE PUBLICATION
MARKETS · CYBER · MEMOS · MODELS
DAILY ISSUES26 MAY27 MAY28 MAY29 MAY30 MAY31 MAY01 JUN02 JUN03 JUN04 JUN05 JUN06 JUN07 JUN08 JUN09 JUN10 JUN11 JUN12 JUN13 JUN14 JUN15 JUN16 JUN17 JUN18 JUN19 JUN21 JUN22 JUN23 JUN24 JUN25 JUN26 JUN27 JUN28 JUN29 JUN30 JUN01 JUN02 JUNALL ›
FRONT PAGE / CYBER / CYB-2026-06-005
CYBER · ransomware threat groups · 2026-05-29SCOOP 80

Carnival confirms breach of 5,995,277 people after ShinyHunters social-engineers employee account

Carnival Corporation disclosed a data breach affecting 5,995,277 people, per a notification filed in Maine, with breach-notice letters sent on or about May 27, 2026.

·FILED ISSUE 2026-05-29·1 MIN READ·RE-VERIFIED 2026-07-02 UTC·✓ RE-VERIFIED 2026-07-02

At a glance

  • 5,995,277 people affected, per notification filed in Maine; breach letters sent on or about May 27, 2026
  • Social engineering of employee on April 14, 2026; intruder used compromised account by April 22, 2026 to copy data before being blocked
  • Exposed data: full names, emails, dates of birth, gender, Mariner Society membership status/tier, internal customer identifiers; other reporting adds addresses, phone numbers, government-issued ID numbers
  • ShinyHunters extortion group tied to the intrusion; group simultaneously linked to the Charter Communications breach
  • 24 months complimentary credit monitoring via TransUnion MyTrueIdentity; fraud assistance from Cyberscout

VERDICT — CONFIRMED

high confidence · primary + corroborating sources verified · re-verified 2026-07-02 UTC
Carnival confirms breach of 5,995,277 people after ShinyHunters social-engineers employee
Image via primary source

Carnival Corporation disclosed a data breach affecting 5,995,277 people, per a notification filed in Maine, with breach-notice letters sent on or about May 27, 2026. According to Carnival, an attacker used social engineering on April 14, 2026 to trick an employee into granting access to part of the company's IT environment; by April 22, 2026 the intruder used the compromised account to reach a limited portion of Carnival's systems and copy personal data before being blocked. Exposed data varied by individual but generally included full names, email addresses, dates of birth, gender, Mariner Society membership status and tier, and internal customer identifiers; other reporting cites addresses, phone numbers and government-issued ID numbers for some records.

The extortion group ShinyHunters, known for steal-then-extort tactics with a publish-or-sell threat, was tied to the intrusion. Carnival is offering affected individuals 24 months of complimentary credit monitoring via TransUnion's MyTrueIdentity, with fraud assistance from Cyberscout, and says it has implemented additional security measures. The incident is the largest single consumer-data breach disclosed at the start of the window and fits a 2026 pattern of ShinyHunters-led vishing/social-engineering campaigns against large enterprises (the group is simultaneously linked to the Charter Communications breach).

For 6 million cruise customers, the exposure of DOB plus loyalty-tier and identity data creates durable phishing and identity-theft risk well beyond the credit-monitoring window.

Key facts on file

  • 5,995,277 people affected, per notification filed in Maine; breach letters sent on or about May 27, 2026
  • Social engineering of employee on April 14, 2026; intruder used compromised account by April 22, 2026 to copy data before being blocked
  • Exposed data: full names, emails, dates of birth, gender, Mariner Society membership status/tier, internal customer identifiers; other reporting adds addresses, phone numbers, government-issued ID numbers
  • ShinyHunters extortion group tied to the intrusion; group simultaneously linked to the Charter Communications breach
  • 24 months complimentary credit monitoring via TransUnion MyTrueIdentity; fraud assistance from Cyberscout
  • Described as the largest single consumer-data breach disclosed at the start of the window

PRIMARY SOURCE

Malwarebytes — Pieter Arntz (2026-05-28)
· fetched at filing · archived at publication
Share
Filed by the Cyber desk · verified by the verification desk · re-verified 2026-07-02 · Our standards: the two-source rule ›
CITE THIS FILE — The Dossier Wire · cyb-2026-06-005 · filed 2026-05-29 · https://thedwire.com/wire/cyb-2026-06-005-carnival-confirms-breach-of-5-995-277-people-after.html · Primary and corroborating sources listed above; archived at publication. Republishing & licensing: hello@thedwire.com.
More from Cyber FULL DESK ›
Charter confirms ShinyHunters breach via Entra vishing; group claims 40M+ Spectr
CYBER · SCOOP 79

Charter confirms ShinyHunters breach via Entra vishing; group claims 40M+ Spectrum records, Charter denies CPNI loss

Charter Communications confirmed a data breach after the extortion group ShinyHunters listed the company and threatened to leak stolen data. Per BleepingComputer, threat actors compromised an employee's Microsoft Entra account via voice phishing (vishing) on April 1, 2026, then used that access to export customer records from Charter's Sa

✓ verifiedSOURCE ↗
READ THE FILE ›
Carnival Confirms ~6 Million Affected After April Social-Engineering Breach Clai
Photo: Maryland GovPics · via Wikimedia Commons · CC BY 2.0
CYBER · SCOOP 66

Carnival Confirms ~6 Million Affected After April Social-Engineering Breach Claimed by ShinyHunters

Carnival Corporation confirmed a data breach affecting approximately six million individuals, stemming from a social-engineering attack on an employee in April 2026. The company says an unauthorized actor used social engineering to deceive an employee and gain access to a limited portion of its IT systems on or around April 10, 2026; Carn

✓ verified
READ THE FILE ›
FBI warns Silent Ransom Group is posing as IT helpdesks — and walking operatives
Getty Images via CyberScoop
CYBER · SCOOP 62

FBI warns Silent Ransom Group is posing as IT helpdesks — and walking operatives into US law firms

The FBI warned in a May 26 advisory that the Silent Ransom Group (SRG) — the data-theft extortion crew also tracked as Luna Moth, Chatty Spider and UNC3753 — has "consistently targeted U.S.-based law firms" and has recently begun posing as employees from victims' own IT departments, with the alert rippling through the legal and security t

✓ verifiednewSOURCE ↗
READ THE FILE ›

The morning wire in your inbox — every brief, primary sources linked, no noise.

Free tier. The Wire — continuous desk briefs · Records archive · Bureau alerts.

Stored to the wire's subscriber list. No spam, unsubscribe any time.