Carnival Confirms Breach Hit 5.99 Million People After 1 Account Was Compromised

3 articles · Updated · Fox News · Jun 5

5,995,277 people were affected after a social engineering attack on a single user account gave an unauthorized actor access to a limited part of Carnival’s IT system.
Carnival said exposed data may include names, addresses, email addresses, phone numbers, dates of birth and government-issued ID numbers such as passport and driver’s license details.
Have I Been Pwned said leaked data published by ShinyHunters contained 8.7 million records and 7.5 million unique email addresses, apparently tied to Holland America’s Mariner Society loyalty program.
That mix of personal and loyalty data can fuel convincing cruise-themed phishing, refund and upgrade scams, including against travelers who may identify with Carnival-owned brands rather than Carnival itself.
Carnival said it blocked the activity, hired outside security experts, alerted law enforcement and is notifying affected people, with eligible U.S. individuals offered two years of credit monitoring.