ShinyHunters Ransomware Blitz Hits 40+ Organizations — Carnival Corp Leaks 8.7 Million Records
What Happened
The notorious ShinyHunters group has launched a massive ransomware campaign impacting over 40 organizations across retail, insurance, hospitality, and other sectors. Among the most significant casualties is Carnival Corporation, the world’s largest cruise company, which confirmed that 8.7 million records from its Holland America Line subsidiary were exposed.
Other major names caught in the blast radius include Mytheresa, Pitney Bowes, The Canada Life Assurance Company, Hallmark, and Inditex (Zara’s parent company). Exposed data spans personally identifiable information (PII), customer records, and internal corporate data — a treasure trove for identity theft and follow-on attacks.
Additional breaches disclosed this week include Vimeo confirming a data breach affecting user data, North Texas Behavioral Health Authority revealing a network intrusion affecting 285,086 individuals, and Checkmarx confirming data theft in a supply chain attack.
Sources
Why It Matters
ShinyHunters has been steadily escalating in both volume and target quality. Hitting 40+ organizations in a single campaign signals either a massive scaling of their affiliate network or a new automation playbook for initial access. The breadth of industries affected — from cruise lines to insurance to fashion retail — means this isn’t a targeted vertical attack; it’s industrialized smash-and-grab.
If your organization handles customer PII and you haven’t war-gamed a ransomware scenario recently, this is your wake-up call. The attackers aren’t choosing targets carefully — they’re choosing targets quickly.
