Carnival Corporation customer data leak
Data Leak
Summary
Hide ▲
Show ▼
Carnival Corporation confirmed a customer data leak that exposed personal information for 5,995,277 people, making this a large-scale privacy and identity-risk event. The exposed data included names, dates of birth, email addresses, genders, geographic locations, and loyalty program details. The leak followed a social engineering intrusion into an employee account and was later linked publicly to ShinyHunters. The disclosure matters because the stolen records create downstream risk for fraud, account abuse, and targeted extortion.
Related Happenings
Nissan employee data leak via Oracle PeopleSoft zero-day
Data Leak
H score49
First: 30.06.2026 19:00
Last: 30.06.2026 19:00
Sources 1
About this happening:
**Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...
Nissan employee data leak via Oracle PeopleSoft zero-day
Data LeakAbout this happening: **Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...
Klue Battlecards app Salesforce customer data leak
Data Leak
H score41
First: 19.06.2026 12:03
Last: 19.06.2026 12:03
Sources 1
About this happening:
A **Klue**-related **Salesforce** data leak on **June 12** exposed customer records after an attacker used a **compromised legacy credential** to obtain **OAuth tokens** from Klue...
Klue Battlecards app Salesforce customer data leak
Data LeakAbout this happening: A **Klue**-related **Salesforce** data leak on **June 12** exposed customer records after an attacker used a **compromised legacy credential** to obtain **OAuth tokens** from Klue...
Latest development: 20.06.2026 01:31
Icarus publicly claimed responsibility on its data leak site for the Klue-related Salesforce data theft and pressured Klue and affected organizations to contact the group through Session to avoid publication of stolen data. The same campaign was also tied to additional victims including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity, with most reporting theft from Salesforce instances rather than compromise of their core platforms or infrastructure.
Nottingham University data publication on ShinyHunters leak site
Data Leak
H score68
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Nottingham University data publication on ShinyHunters leak site
Data LeakAbout this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
DentaQuest 2.6 million-account data leak
Data Leak
H score65
First: 04.06.2026 21:36
Last: 04.06.2026 21:36
Sources 1
About this happening:
**DentaQuest**'s **public leak** exposed records for **2.6 million accounts**, putting **personal and health-related data** at risk. The leak followed **ShinyHunters**' claim to h...
DentaQuest 2.6 million-account data leak
Data LeakAbout this happening: **DentaQuest**'s **public leak** exposed records for **2.6 million accounts**, putting **personal and health-related data** at risk. The leak followed **ShinyHunters**' claim to h...
Timeline
-
28.05.2026 13:49 1 articles · 1mo ago
Social engineering attack gains access to Carnival Corporation IT systems
Exploitation ObservedAn unauthorized actor used social engineering to deceive a Carnival Corporation employee and gain access to a limited portion of the company's IT system, forming the April 10 breach that affected customer data.
Show sources
- Carnival Cruise confirms data breach affecting nearly 6 million people — www.bleepingcomputer.com — 28.05.2026 13:49
-
28.05.2026 13:49 1 articles · 1mo ago
Carnival Corporation identifies unauthorized activity in employee account
Detection Ioc UpdateCarnival Corporation's IT security team identified unauthorized activity involving an employee's account after the social engineering intrusion into its systems.
Show sources
- Carnival Cruise confirms data breach affecting nearly 6 million people — www.bleepingcomputer.com — 28.05.2026 13:49
-
28.05.2026 13:49 1 articles · 1mo ago
Carnival Corporation determines personal information was illegally copied
Victim Impact UpdateCarnival Corporation later determined that the bad actor illegally copied personal information from its systems, indicating that the breach had progressed from unauthorized access to confirmed data exfiltration.
Show sources
- Carnival Cruise confirms data breach affecting nearly 6 million people — www.bleepingcomputer.com — 28.05.2026 13:49
-
28.05.2026 13:49 2 articles · 1mo ago
Carnival Corporation begins notifying 5,995,277 customers of data breach
Initial DisclosureCarnival Corporation began notifying 5,995,277 customers that stolen data included names, dates of birth, email addresses, genders, geographic locations, and loyalty program details tied to the Mariner Society loyalty program.
Show sources
- Carnival Cruise confirms data breach affecting nearly 6 million people — www.bleepingcomputer.com — 28.05.2026 13:49
- Carnival Cruise confirms data breach affecting nearly 6 million people — www.bleepingcomputer.com — 28.05.2026 13:49