June 1, 2026, 2:15 pm
A cyberattack on one of the world’s largest cruise companies is causing a stir. Unknown perpetrators gained access to the internal systems of Carnival Corporation and are said to have copied data from millions of travelers. Particularly concerning for German vacationers: Aida Cruises is part of the group. The current state of the investigation reveals which information is affected and what is known so far.
Access via Employee Account
As BILD reports, citing “Ad-Hoc-News,” attackers managed to penetrate the internal systems of Carnival Corporation via an employee account as early as April 18. According to the company, the suspicious activity was not noticed until four days later.
On April 22, the Miami-based company discovered that data had been copied from the systems. In a statement, Carnival explicitly described the incident as a social engineering attack. The perpetrators did not exploit a technical vulnerability but instead deceived an employee to obtain their login credentials.
Which Data Might Be Affected
In addition to Aida Cruises, Carnival Corporation includes Costa Crociere, Cunard, and Princess Cruises.
According to an analysis of the published dataset by the website “Have I Been Pwned,” the following information is reportedly included:
- Names
- Birthdates
- Email addresses
- Gender
- Geographical information
- Passport numbers
- Driver’s license data
- Information from loyalty and bonus programs
Overall, data from nearly six million travelers could be affected, according to current findings.
When asked, Aida stated: “In the course of the ongoing investigation into data security, Carnival Corporation confirms: There is no evidence that personal data of Aida guests is affected.”
Extortion Group Claims Responsibility for Attack
The extortion group ShinyHunters claimed responsibility for the cyberattack. According to the perpetrators, significantly more internal data was copied than previously known. Carnival has not yet officially confirmed these claims.
Repeated Security Incidents at Carnival
For the cruise company, the current incident is not the first major cyberattack. In recent years, the company has repeatedly reported security issues in which personal data and, in some cases, financial information of customers and employees were affected.
As early as 2020, Aida Cruises and Costa Crociere were targeted by hackers. At that time, the onboard system was attacked, leading to the cancellation of several planned cruises at short notice. Investigations into the new data breach are currently ongoing.