Carnival Corporation has confirmed a data breach affecting nearly 6 million people, and the fallout could reach travelers who may not think of themselves as Carnival customers.

The company says the incident involved a social engineering attack on a single user account. In other words, someone fooled an employee and gained access to part of Carnival’s IT system.

For cruise customers, the real concern starts after the breach. Stolen personal details can help scammers write messages that feel far more believable. Here is what may have been exposed, what Have I Been Pwned found in the leaked data and what you can do now to protect yourself.

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 a.m. ET)

• Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com

MAJOR CRUISE LINE HACK EXPOSES SENSITIVE DATA OF NEARLY 6 MILLION TRAVELERS

What information was exposed in the Carnival breach?

Carnival Corporation says the breach began with a social engineering attack on a single user account. An unauthorized actor gained access to a limited part of the company’s IT system. Carnival says it immediately blocked the activity, brought in third-party security experts and alerted law enforcement.

A Carnival Corporation spokesperson told CyberGuy,

“In April, we identified unauthorized access to a limited part of our IT system caused by a social engineering attack on a single user account. We immediately blocked the activity, engaged third-party security experts and alerted law enforcement. Our investigation found certain personal information was illegally accessed. We’re notifying affected individuals and deeply regret any concern this causes. Protecting the privacy and security of personal data is a priority for us and we’ve added new layers of security and monitoring on top of the comprehensive protections already in place. We’ll also continue advancing our defenses against evolving threats.”

State breach reporting shows 5,995,277 people were affected. Carnival says the impacted data varies by individual. However, the company says the information known to be involved includes names, addresses, email addresses, phone numbers, dates of birth and government-issued identification numbers, such as driver’s license numbers and passport numbers.

What Have I Been Pwned found in the leaked Carnival data

Have I Been Pwned also analyzed the data published by ShinyHunters and said it contained 8.7 million records with 7.5 million unique email addresses. That data appeared tied to Holland America’s Mariner Society loyalty program and included names, dates of birth, email addresses, genders, geographic locations, salutations and loyalty program details.

That means this breach could affect you even if you think of yourself as a Holland America customer, not a Carnival customer. Even without a credit card number, this type of data can create problems. Criminals can use it to build fake emails, texts and calls that sound like they came from a real cruise brand. For example, a scammer could mention loyalty points, an upcoming trip, a refund or a cabin upgrade. That one familiar detail may be enough to get you to click.

What ShinyHunters claimed about Carnival

Carnival has not publicly confirmed that ShinyHunters carried out the attack. However, the extortion gang claimed responsibility in April 2026 and said it stole millions of records and internal corporate data.

ShinyHunters has also been tied to broader data theft and extortion activity involving Salesforce customers. The group often pressures companies by threatening to leak or sell stolen information.

The FBI has warned victims not to pay ransom demands from the group. Paying does not guarantee stolen data will be deleted. It also does not stop criminals from trying to extort victims again.

For you, the concern is what happens next. Once your data leaks, scammers may try to use it in emails, texts or calls that sound more believable than the usual junk.

Why the Carnival breach could put you at risk

Travel scams work because they catch you when you are excited, rushed or distracted. Maybe you booked a cruise years ago. Maybe you joined a loyalty program and forgot about it. Maybe you sailed with Holland America, Princess Cruises or another Carnival-owned brand. That old account can still have value to criminals.

Carnival has also dealt with several cybersecurity incidents before. The company disclosed breaches in March 2020 and June 2021 after attackers accessed employee email accounts. Ransomware incidents in August 2020 and December 2020 also exposed personal information tied to Carnival customers and employees.

That history does not mean every Carnival customer will face fraud. But it does show why old travel accounts deserve attention. A loyalty account can reveal more than points. It can connect your name, email, birthday, travel history and brand preferences.

That gives scammers more ways to sound convincing. A fake email may claim your loyalty points are expiring. A text may say you qualify for a refund. A caller may say your account needs verification. Those tricks can lead to stolen passwords, malware, fake payment pages or identity theft attempts.

HOW TO PROTECT YOUR ONLINE PRIVACY AND SECURITY ON YOUR NEXT CRUISE VACATION

Ways to stay safe after the Carnival breach

If you receive a Carnival breach notice, read it closely so you know what information may have been involved. Some impacted data may include government-issued identification numbers, so take these steps to lock down your accounts, spot fake cruise messages and reduce the chances that scammers can use your personal details against you.

1) Review Carnival’s offer for credit monitoring

Carnival says it is offering eligible U.S. individuals two years of complimentary credit monitoring. If you receive a notice, use the contact details in that notice or Carnival’s official breach webpage. Do not trust random links in emails, texts or search ads claiming to help you enroll.

2) Change your cruise account passwords

Go directly to the official website or app. Do not click a link from an email or text. Use a strong, unique password for every travel account. A password manager can help you create and store better passwords. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

3) Turn on two-factor authentication

Two-factor authentication (2FA) adds another layer of protection. Even if someone steals your password, they still need a second approval. Use an authentication app when possible. Text codes help, but they can be weaker if a scammer tries a SIM swap attack.

4) Watch for fake cruise emails and texts

Be suspicious of messages about refunds, loyalty points, upgrades, cancellations or account verification. Scammers love urgent wording. They want you to click before you think. Instead, go straight to the company’s website or app. Check your account there.

5) Use a data removal service

A data removal service will not undo the Carnival breach. However, it can help remove your personal information from data broker and people-search sites. That can make it harder for scammers to combine leaked breach data with your home address, phone number, relatives’ names or other details found online. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

6) Use strong antivirus protection

Breaches often lead to phishing emails with dangerous links or attachments. Strong antivirus protection can help block malicious websites, scam pages and malware before they do damage. Also, keep your phone, tablet and computer updated. Security updates close holes that criminals try to exploit. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

7) Do not share personal details with callers

If someone calls and claims to represent a cruise line, do not give out your date of birth, payment details or login codes. Hang up and call the company using a number from its official website.

10 SIGNS YOUR PERSONAL DATA IS BEING SOLD ONLINE

8) Monitor your bank and credit card accounts

Check your statements for charges you do not recognize. Small test charges can show up before larger fraud attempts. Report suspicious activity right away. Many banks also let you lock a card from the app while you investigate.

9) Consider a credit freeze

A credit freeze can block criminals from opening new credit accounts in your name. You can freeze your credit for free with Equifax, Experian and TransUnion. You can also lift the freeze when you need to apply for credit.

10) Review your credit reports

Check your credit reports for accounts, addresses or inquiries you do not recognize. You can get free weekly credit reports from the three major credit bureaus at AnnualCreditReport.com.

11) Watch for misuse of your ID documents

Because Carnival says some impacted data may include driver’s license or passport numbers, be extra cautious with messages asking you to “verify” your identity. Do not upload a photo of your ID through a link in an email or text. Go directly to the official company, bank or government website instead.

12) Consider identity theft protection

Identity theft protection can help monitor your personal information, credit files and financial activity for warning signs of fraud. Some plans also include breach or dark web monitoring, which can alert you if your email address or other personal details appear in known leaks. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com

13) Save the breach notice

Keep a copy of any notice you receive from Carnival. It may explain what information was involved and what support the company offers. Be careful with fake settlement or claim websites. Scammers often create lookalike pages after major breaches.

Kurt’s key takeaways

The Carnival data breach shows why travel accounts need the same care as banking, shopping and email accounts. A cruise may last a week, but the data you shared can stick around for years. Take a few minutes now to tighten your accounts. Change reused passwords, watch for cruise-themed scams and consider freezing your credit if you want stronger protection.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Have travel companies earned enough trust to keep collecting so much personal data, or should loyalty programs start asking for far less? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Valve now says that the delayed Steam Machine PC and Steam Frame VR headset are set to launch sometime this summer. In a Thursday blog post detailing its Verified programs for both pieces of hardware, Valve concludes by saying that “We’re excited for players to try your titles on the new Steam hardware once they launch this summer.”

When the company originally announced the Machine and Frame alongside its new Steam Controller late last year, it said that it would start shipping the new gadgets in early 2026. But in February, the company announced that the ongoing memory and storage crunch had forced it to revisit its pricing and shipping plans. And in March, Valve said in a blog post that it would be “shipping all three products this year” — though that was after the company initially said in the post that “we hope to ship in 2026,” which it removed in an update.

Valve opted to release the Steam Controller on its own, putting it up for sale in early May. For the Machine and Frame, while “summer” isn’t exactly a specific date, it narrows the window for when the products might finally come out.

Ahead of actually launching the devices, Valve is redesigning the Steam store and sharing information about the Verified programs for the hardware so that developers can prepare their games. Like with the Steam Deck, if a game is verified for the Machine or the Frame, the badge signals that the game should work well without any tweaks from the user.

For the Machine, the requirements for a game to be verified are “nearly identical” to what they are for the Steam Deck. With the Machine being “roughly six times as powerful” as the Deck, in theory, many more games will be verified for it. Valve also says that it’s testing “every title on Machine that fell below our performance requirements on Deck.”

For the Frame, Valve’s verified badge will signify games that run well while being played natively on the headset — as opposed to games that work well streamed to the headset, which the Frame is also capable of. “Like Steam Deck Verified, the Steam Frame Standalone Verified program focuses on the experience customers will have with the device out-of-the-box in standalone mode,” Valve says.

Now, we just need Valve to share exactly when the Steam Machine and Steam Frame will be released and how much they might cost. After last week’s price hikes for the Steam Deck, I’m gearing up for sticker shock.

Humanoid robots just got another real job. This time, they are clocking in behind the scenes at a major retail operation. Figure AI has signed a commercial agreement with Catalyst Brands. That is the company behind JCPenney, Aéropostale, Brooks Brothers, Eddie Bauer, Lucky Brand and Nautica.

The first rollout begins at Catalyst’s Reno, Nevada Distribution Logistics Center. So, no, these robots are not greeting shoppers or folding jeans in the store aisle. At least not yet.

For now, they are heading into warehouse and supply chain work. Still, the announcement has some people worried. Many see humanoid robots entering a workplace and immediately wonder what happens to human jobs. That concern is fair.

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)

• Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com.

THE AI-POWERED ROBOT ARMY THAT PACKS YOUR GROCERIES IN MINUTES

Figure’s humanoid robots enter warehouse work

Catalyst Brands says Figure’s humanoid robots will help with supply chain work. The companies say the robots will focus on repetitive, physically demanding sorting and packing tasks. In other words, this starts with warehouse work that can wear people down over time. The robots will first assist with Catalyst’s Joey Pouch sorting system in Reno. That system helps with computerized induction, sorting and packing inside the facility. Catalyst says the Reno site also underwent a $40 million infrastructure update in 2024.

“As we invest in and scale our portfolio, this collaboration with Figure shows how emerging technologies can modernize our operations while strengthening our workforce,” said Marc Rosen, CEO of Catalyst Brands. “When we automate routine tasks, our associates can focus on higher-value work and better serve our customers across all our brands.”

So, this is happening behind the scenes in the warehouse, not on the store floor. That detail is important, especially because some online reactions made it sound like robots were already headed into retail stores. The announcement points to warehouse operations first. Still, warehouse jobs are real jobs. That is why this deal is getting so much attention.

Why the Figure AI and Catalyst Brands deal stands out

Catalyst Brands owns several major retail brands and operates a large retail network. Figure AI also describes this as a step toward deploying humanoid robots at scale, even though it has not said how many robots will be used.

There is also a financial connection behind the scenes. Brookfield is an investor in Figure AI and also has a stake in Catalyst Brands. Figure says this is the first commercial bridge between Figure and a Brookfield portfolio company.

If the robots perform well in Reno, the companies could look for more ways to use them across the business.

AI LAYOFFS MAY BE BACKFIRING ON COMPANIES

What Figure AI has not revealed yet

The announcement leaves out several key details. We do not know how many robots Figure AI will deploy. We do not know the exact start date. We also do not know whether Catalyst is buying the robots, leasing them or using a robots-as-a-service model. The companies have also not said how many human roles could change because of the rollout.

Figure AI says the robots are being integrated into Catalyst’s distribution facility and will focus on physically demanding work. However, the release does not spell out the exact jobs the robots will handle day to day.

That missing information gives people room to worry. It also gives people room to guess. And online, people did both. Some thought humanoid robots were coming straight into stores. Others focused on the bigger fear, which is that robots could take over jobs that people depend on.

Why humanoid robots make workers nervous

The fear around this deal goes beyond one company. Workers have already watched companies use AI to cut costs, slow hiring and reorganize teams. Now, physical robots are entering spaces where people lift, sort, pack and move products. That feels different.

Figure AI and Catalyst say the robots can handle routine tasks and help associates shift toward higher-value work. That sounds promising. However, workers may hear a very different message. They may wonder who gets retrained. They may also wonder who gets replaced. Companies cannot brush off those concerns. If humanoid robots are coming into more workplaces, workers deserve clear answers.

JOBS THAT ARE MOST AT RISK FROM AI, ACCORDING TO MICROSOFT

Why retail companies want warehouse robots

Warehouse work can be tough on the body. People lift boxes, move products, repeat the same motions and race to keep up when orders spike. That is why retail companies are looking hard at automation.

Figure’s pitch is that humanoid robots can fit into places already built for people. They do not need a warehouse rebuilt from scratch. In theory, they can step into certain jobs and help with repetitive work.

For a retailer, that could mean products move faster, and workers face less physical strain. It could also help during busy shopping seasons, when distribution centers get slammed.

What to watch next with Figure AI robots

The next big signal will be whether Catalyst expands the robot program beyond Reno. A small rollout may be a learning test. A wider deployment would point to a much larger shift in how retailers move products.

Watch for details on robot count, job duties and worker impact. Those specifics will tell us more than anything else. Also, pay attention to how companies talk about employees. If they say robots will help workers move into better roles, they should explain exactly how that will happen. Workers deserve more than buzzwords.

What this means for you

These robots may start in a warehouse, but the ripple effect could eventually reach workers, shoppers and prices.

For shoppers, the upside is easy to see. If robots help move products faster, stores may have fewer empty shelves. Online orders could also move through warehouses more quickly.

For workers, it gets more complicated. Companies often say robots will take over the hardest tasks so people can move into better roles. That sounds good, but workers need more than a promise. They need training. They need clear answers. They also need to know whether a robot is there to help them or replace them.

And for the rest of us, this raises a bigger question. Are we comfortable with retailers using humanoid robots if it makes shopping faster or cheaper? Or do we want companies to prove that people are still part of the plan?

Kurt’s key takeaways

Figure AI’s deal with Catalyst Brands shows how quickly humanoid robots are entering our workplaces. For now, these robots are starting in a distribution center. They are not walking through the aisles at JCPenney. That distinction is important. Still, the bigger concern remains. People want to know whether these machines will help workers or slowly push them aside. Automation can reduce hard physical work. It can also create real fear when companies avoid direct answers. Humanoid robots may soon become a normal part of warehouse operations for retailers. The real test will be whether companies use them in a way that helps people, instead of treating people like a cost to cut.

Would you shop with a retailer that uses humanoid robots in its warehouses, or would that make you think twice? Let us know by writing to us at CyberGuy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.