'They don't care': ShinyHunters strike again as hackers claim to have pinched 7.5 million Carnival cruise emails

News
By published

The biggest cruise company in the world has suffered a supply chain attack

Back view of hooded internet criminal hacking laptop in the dark, stealing credit card details
(Image credit: Shutterstock)
  • Carnival confirmed a supply‑chain breach affecting its Holland America Line loyalty program, with millions of customer records exposed
  • ShinyHunters claimed responsibility, leaking 8.7 million records including personal details and millions of unique email addresses
  • Carnival acknowledges incident and notifies authorities, but downplays scope, describing it as a phishing compromise of a single account

Carnival Corporation has confirmed suffering a supply-chain attack which resulted in the loss of sensitive data belonging to millions of customers.

As the world’s largest cruise company, Carnival operates multiple brands which run passenger cruise ships and offer leisure travel options. One of its subsidiaries is Holland America Line, a premium cruise line that operates mid-sized ships, and has a loyalty program called Mariner Society.

The infamous ShinyHunters collective added Holland America Line to its data leak website, claiming to have taken 8.7 million records, including names, dates of birth, genders, and membership status details.

Article continues below

Confirming the breach

The hackers apparetly leaked the data because Holland America Line never bothered to discuss a ransom payment:

"The company failed to reach an agreement with us despite our incredible patience," the group allegedly said. "They don't care."

In those 8.7 million records, there were at least 7.5 million unique email addresses, breach database Have I Been Pwned? noted.

In a statement given to Cruise Hive, Carnival said it “acted quickly” to shut down the attack, as soon as it was spotted, and made sure the intruders stayed out, before it also notified police.

“Data privacy and protection are extremely important to Carnival Corporation and we’re working closely with trusted global security experts to be thoughtful and deliberate in our review of the data involved, recognizing that anonymous reports circulating online are not always accurate,” a spokesperson said.

“If we determine personal information was affected, we will follow all disclosure requirements and communicate directly with any impacted individuals."

The company allegedly severely downplayed the importance of the incident, telling Have I Been Pwned? that the breach involved a phishing track against a single user account.

Via The Register

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.