✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Leisure/Travel
Breach intelligence, attack campaigns, and threat reports targeting the Leisure/Travel sector.
Explore Other Sectors
Leisure/Travel Threat Reports
Carnival Corporation's 2026 Data Breach: A ShinyHunters Operation
In April 2026, Carnival Corporation, the world's largest cruise operator, experienced a significant data breach orchestrated by the cybercriminal group ShinyHunters. The attackers employed social engineering tactics to deceive an employee, gaining unauthorized access to the company's IT systems. This intrusion led to the exfiltration of personal data belonging to nearly 6 million individuals, including names, birthdates, genders, and loyalty program details. The breach was publicly disclosed on May 27, 2026, over a month after the initial compromise. ([prnewswire.com](https://www.prnewswire.com/news-releases/carnival-corporation-notice-of-data-breach-302783524.html?utm_source=openai)) This incident underscores the persistent threat posed by sophisticated cybercriminal groups like ShinyHunters, who have been linked to multiple high-profile data breaches in 2026. The delay in disclosure highlights the challenges organizations face in promptly notifying affected individuals, emphasizing the need for robust cybersecurity measures and transparent communication strategies.
3 weeks ago
Kill Chain
ShinyHunters' 2026 Data Breaches: A Wake-Up Call for Cybersecurity
In May 2026, the cybercriminal group ShinyHunters executed a series of data breaches targeting multiple organizations, including DentaQuest, a prominent dental benefits administrator in the United States. The attackers employed sophisticated social engineering techniques, such as voice phishing, to compromise employee credentials and gain unauthorized access to sensitive systems. This led to the exfiltration of substantial volumes of personal and proprietary data, which ShinyHunters subsequently threatened to release unless ransom demands were met. The breaches have raised significant concerns regarding data security practices and the effectiveness of current defensive measures against such targeted attacks. The recent surge in ShinyHunters' activities underscores a troubling trend in cybercrime, where threat actors increasingly leverage social engineering to bypass technical defenses. Organizations across various sectors are now facing heightened risks of data breaches, emphasizing the urgent need for enhanced security protocols, employee training, and robust incident response strategies to mitigate the impact of such sophisticated cyber threats.
3 weeks ago
Kill Chain
Urgent Update: WP Maps Pro Vulnerability (CVE-2026-8732) Threatens WordPress Sites
In May 2026, a critical vulnerability (CVE-2026-8732) was discovered in the WP Maps Pro plugin for WordPress, affecting versions up to and including 6.1.0. This flaw allowed unauthenticated attackers to create administrator accounts by exploiting an insecure AJAX endpoint, leading to potential full site takeovers. The vulnerability stemmed from inadequate nonce protection, making it possible for attackers to bypass authentication mechanisms and gain elevated privileges. The exploitation of this vulnerability underscores the persistent risks associated with third-party plugins in content management systems. It highlights the necessity for website administrators to maintain rigorous update practices and implement robust security measures to mitigate such threats.
3 weeks ago
Kill Chain
Carnival Cruise Data Breach 2026: A Wake-Up Call for Cybersecurity
In April 2026, Carnival Corporation, the world's largest cruise line operator, experienced a significant data breach affecting nearly 6 million individuals. The breach was initiated through a social engineering attack, where an unauthorized actor deceived an employee to gain access to a limited portion of the company's IT system. The attackers, identified as the ShinyHunters extortion gang, claimed responsibility for the breach, stating they stole documents containing over 8.7 million records with personally identifiable information and terabytes of internal corporate data. The compromised data includes names, dates of birth, email addresses, genders, geographic locations, and loyalty program details. Carnival promptly blocked the unauthorized activity and began working with third-party security experts to strengthen their security measures and conduct a thorough investigation. This incident underscores the persistent threat posed by sophisticated cybercriminal groups like ShinyHunters, who employ advanced social engineering tactics to infiltrate organizations. The breach highlights the critical need for robust cybersecurity protocols, employee training to recognize and resist social engineering attempts, and comprehensive incident response strategies to mitigate the impact of such attacks.
4 weeks ago
Kill Chain
Booking.com Data Breach 2026: What You Need to Know
In April 2026, Booking.com, a leading online travel platform, experienced a data breach where unauthorized third parties accessed customers' reservation information. The compromised data included full names, email addresses, postal addresses, phone numbers, and communications shared with property providers. Upon detection, Booking.com promptly reset reservation PINs and notified affected users via email, advising them to remain vigilant against potential phishing attempts. ([techcrunch.com](https://techcrunch.com/2026/04/13/booking-com-confirms-hackers-accessed-customers-data/?utm_source=openai)) This incident underscores the persistent threat of cyberattacks targeting the travel and hospitality industry, emphasizing the need for robust data protection measures. As cybercriminals increasingly exploit personal data for fraudulent activities, organizations must enhance their security protocols to safeguard customer information.
2 months ago
Kill Chain
Basic-Fit Data Breach 2026: A Wake-Up Call for Cybersecurity in the Fitness Industry
In April 2026, Basic-Fit, Europe's largest fitness chain, experienced a data breach affecting approximately one million members across six countries, including the Netherlands, Belgium, Luxembourg, France, Spain, and Germany. Unauthorized access to the system that records members' visits allowed attackers to exfiltrate personal information such as full names, physical addresses, email addresses, phone numbers, dates of birth, bank account details, and membership information. The breach was detected and halted within minutes by Basic-Fit's monitoring systems, and affected members were promptly informed. Notably, no identification documents or account passwords were compromised. This incident underscores the critical importance of robust cybersecurity measures in protecting sensitive customer data. With the increasing frequency of cyberattacks targeting personal and financial information, organizations must prioritize the implementation of comprehensive security protocols and continuous monitoring to mitigate potential threats and safeguard their customers' trust.
2 months ago
Kill Chain
Eurail 2025 Data Breach: A Wake-Up Call for Travel Industry Cybersecurity
In late December 2025, Eurail B.V., a Netherlands-based travel company, experienced a significant data breach when unauthorized actors accessed its network and exfiltrated files containing sensitive customer information. The breach, which occurred on December 26, 2025, was discovered on January 5, 2026, and confirmed on February 25, 2026. Approximately 308,777 individuals were affected, with compromised data including names, passport numbers, dates of birth, email addresses, postal addresses, phone numbers, bank account references (IBANs), and health-related information. ([claimdepot.com](https://www.claimdepot.com/data-breach/eurail-2026?utm_source=openai)) This incident underscores the escalating threat landscape targeting the travel industry, where personal data is highly valuable. The breach highlights the critical need for robust cybersecurity measures, including regular system audits, employee training, and comprehensive incident response plans to mitigate potential risks and protect customer information.
2 months ago
Kill Chain
Eurail 2026 Data Breach: What You Need to Know
In January 2026, Eurail B.V., the operator of the Interrail ticketing platform, experienced a security breach resulting in unauthorized access to customer data. The compromised information includes names, contact details, passport information, and, for some DiscoverEU participants, bank account references and health data. Upon discovery, Eurail secured its systems, initiated an investigation with external cybersecurity specialists, and began notifying affected customers and regulatory authorities. As of mid-January 2026, there is no evidence of data misuse or public disclosure. This incident underscores the critical importance of robust cybersecurity measures in the travel industry, especially given the sensitive nature of the data involved. Organizations must remain vigilant against evolving cyber threats and ensure compliance with data protection regulations to safeguard customer information.
4 months ago
Kill Chain
Russian Hackers Create 4,300 Fake Travel Sites to Phish Hotel Guests
In early 2025, a Russian-speaking threat group orchestrated a widespread phishing campaign targeting the hospitality sector by registering over 4,300 fraudulent travel and hotel websites. Posing as legitimate booking platforms, the attackers lured hotel guests via persuasive spam emails, harvesting sensitive payment data and personal information from unsuspecting travelers. The threat actor leveraged sophisticated domain registration strategies and rapid site turnover to evade detection, resulting in a significant exposure of financial data and reputational harm to both guests and affected hospitality brands. This incident signals an ongoing trend of highly targeted phishing operations in the travel industry, exploiting the surge in online bookings and trust in familiar brand identities. The campaign underscores the critical need for advanced threat detection, greater scrutiny of online domains, and robust security awareness for organizations and their customers.
5 months ago
Kill Chain
WestJet 2025 Data Breach: How Social Engineering and Remote Access Led to Massive Data Exposure
In June 2025, Canadian airline WestJet suffered a major data breach affecting approximately 1.2 million customers. Threat actors exploited social engineering to reset an employee’s password, gaining access through Citrix systems and compromising both Windows and Microsoft cloud networks. The attackers were able to exfiltrate sensitive personal data, including full names, dates of birth, physical addresses, passport or government IDs, travel information, rewards member data, and select customer service interactions. While no credit card numbers or passwords were disclosed, the incident required investigation by law enforcement and forced WestJet to notify affected users and authorities across North America, offering free identity monitoring. This breach highlights the growing effectiveness of identity-based attacks, particularly those leveraging social engineering to bypass traditional security controls via remote access platforms. With aviation and travel industries increasingly targeted, this incident underscores the urgent need for modern Zero Trust approaches and continuous monitoring of east-west traffic within enterprise networks.
5 months ago
Kill Chain
WestJet Data Breach 2025: Passport Info Exposed in Major Airline Cyberattack
In June 2025, Canadian airline WestJet revealed a cybersecurity breach that resulted in the exposure of sensitive customer information, including names, dates of birth, mailing addresses, travel documents such as passports and government IDs, requested accommodations, complaints, and loyalty program data. The breach, disclosed after disruptions to internal systems and the company’s mobile app, was investigated over several months, with findings confirmed in mid-September. While no official attribution has been confirmed, the notorious Scattered Spider threat group was active in targeting the aviation industry at the time. The FBI is assisting with the investigation, and all affected customers have been notified. This breach is of significant concern as it exemplifies the intensifying targeting of travel and aviation sectors by sophisticated threat actors using advanced social engineering and credential-harvesting techniques. The incident also underscores increasing regulatory scrutiny and customer awareness around identity-related attacks and privacy risks in critical infrastructure industries.
5 months ago
Kill Chain
ComicForm and SectorJ149 Launch Formbook Infostealer Attacks in Eurasia (2025)
In April 2025, a previously unknown threat group known as ComicForm, in tandem with the SectorJ149 collective, launched a sophisticated phishing campaign against organizations in Belarus, Kazakhstan, and Russia. Exploiting spear-phishing emails, the attackers delivered Formbook malware, an advanced infostealer, to infiltrate sectors including industrial, financial, biotechnology, research, tourism, and trade. The campaign's attack chain leveraged malicious email attachments and deceptive lures aimed at harvesting sensitive credentials, exfiltrating business information, and enabling internal lateral movement, causing operational disruptions and exposing confidential data. This incident exemplifies the rise of regionally targeted malware campaigns by emerging threat actors who combine phishing, credential theft, and infostealer malware. Current threat intelligence points to increased infostealer usage, especially in sectors with valuable intellectual property, necessitating enhanced vigilance and stronger defense-in-depth strategies.
5 months ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports