ShinyHunters has claimed responsibility for unauthorized access to Carnival Corporation systems resulting in exfiltration of personal data belonging to approximately 6 million customers and employees. This is Carnival’s fourth publicly known breach since 2019. The incident has no applicable software patch; remediation is entirely access control, identity hardening, and monitoring-focused. For organizations managing large PII repositories or consumer-facing cloud data stores, this breach is a reference case for the access control gaps that ShinyHunters consistently exploits.