Carnival Corporation, the world's largest cruise-line operator with 90+ ships across Carnival, Princess, Holland America, Costa, P&O, Cunard, AIDA, and Seabourn, has confirmed a breach affecting 5,995,277 customers. The intrusion began April 10 when an employee was social-engineered into giving up account credentials; Carnival's IT team detected the unauthorized activity on April 14. ShinyHunters claimed responsibility in April and listed the company on its data leak site. Carnival served around 13.5 million guests in 2024 across its fleet. The company is now notifying affected individuals. The pattern aligns with the broader ShinyHunters SaaS-extortion playbook documented across Charter, Instructure, and others over the past quarter.