Skip to content
logo Germany's largest online travel magazine
A brand of Bild
News All topics
Carnival Data Breach

Millions of Customer Records Stolen in Cyberattack–Aida Also Affected?

Carnival Corporation includes Aida Cruises, as well as Costa Crociere, Cunard, and Princess Cruises.
Carnival includes not only Aida Cruises but also Costa Crociere, Cunard, and Princess Cruises. Photo: Getty Images
Share article

May 30, 2026, 8:54 am | Read time: 2 minutes

A cyberattack on one of the world’s largest cruise companies is causing a stir. Unknown perpetrators gained access to internal systems of Carnival Corporation and reportedly copied data from millions of travelers. Particularly concerning for German vacationers: Aida Cruises is part of the corporate group. The current status of the investigation reveals which information is affected and what is known so far.

Access via Employee Account

As BILD reports, citing “Ad-Hoc-News,” attackers managed to infiltrate Carnival Corporation’s internal systems via an employee account as early as April 18. According to the company, the suspicious activity was only noticed four days later.

On April 22, the Miami-based company discovered that data had been copied from the systems. In a statement, Carnival explicitly described the incident as a social engineering attack. The perpetrators did not exploit a technical vulnerability but instead deceived an employee to obtain their login credentials.

Which Data Might Be Affected

In addition to Aida Cruises, Carnival Corporation includes Costa Crociere, Cunard, and Princess Cruises. Whether customers of Aida Cruises in Germany are affected by the incident is currently unclear. A request to the company has so far gone unanswered. Furthermore, Carnival’s statement does not specify which brands or countries are specifically impacted.

According to an analysis of the published dataset by the website “Have I Been Pwned,” the following information is reportedly included:

  • Names
  • Birthdates
  • Email addresses
  • Gender
  • Geographic information
  • Passport numbers
  • Driver’s license data
  • Information from loyalty and bonus programs

Overall, data from nearly six million travelers could be affected, according to current findings.

More on the topic

Extortion Group Claims Responsibility for Attack

The extortion group ShinyHunters has claimed responsibility for the cyberattack. According to the perpetrators, significantly more internal data was copied than is currently known. Carnival has not yet officially confirmed these claims.

Repeated Security Incidents at Carnival

For the cruise company, the current incident is not the first major cyberattack. In recent years, the company has repeatedly reported security issues affecting personal data and, in some cases, financial information of customers and employees.

Back in 2020, Aida Cruises and Costa Crociere were targeted by hackers. At that time, the onboard system was attacked, leading to the cancellation of several planned cruises at short notice. Investigations into the new data breach are currently ongoing.

This article is a machine translation of the original German version of TRAVELBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@travelbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.