It doesn’t appear that this was the result of a hack or malicious code, just a goof on their end. And quite the goof it was.
Over 1,200 booked guests had their Name, Email and Booking Number added to a spreadsheet and then emailed to other guests. Quite the blunder.
Cunard acknowledged the breach and immediately shut down their web booking and booking management system. They also stated that passport numbers were not leaked, however if you added your number to you online profile, it could still be accessed if someone were to use the booking number in the email.