Carnival Cruise Line suffered a massive data breach by the ransomware gang ShinyHunters through social engineering on April 18, 2026 that is estimated to have affected 8.7 million records. The data breach is still being investigated, but is reported to have included names, addresses, birthdates, passport details, phone numbers, email addresses and possibly credit card data and passwords, all of which puts millions of Carnival’s customers in danger of identity theft. A class action has been filed on behalf of the affected Carnival customers that alleges that Carnival did not notify victims of the data breach in a timely manner which put them at increased risk of identity theft. The class action further alleges that Carnival did not implement reasonable data security protections including failing to encrypt sensitive data held by Carnival. As further developments in the case occur, I will report them to you.
TIPS
This data breach and the resulting class action is a good example of companies having to do a better job at protecting their customers data. In particular, companies should be encrypting all sensitive data and limiting access to only employees who require access to particular data. Not enough companies are taking these common sense steps. In addition, companies should be training their employees, particularly those in IT to better defend against socially engineered attacks which rely on the cybercriminals use of psychology to convince employees of targeted companies to provide access to their company computer networks.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/