CARNIVAL Corporation has experienced a significant data breach affecting approximately 6 million individuals. The breach was discovered on April 14 when attackers accessed an employee's account through social engineering, leading to the exfiltration of personal data including names, addresses, dates of birth, email addresses, phone numbers, and government-issued ID numbers. The hackers, part of the group ShinyHunters, claimed to have stolen 8.7 million records.
Carnival is offering affected individuals 24 months of free credit monitoring. The incident raises concerns about the need for stronger defenses against social engineering attacks.