June 23, 2022
Posted June 23, 2022
Carnival Cruise Line has agreed to pay $1.25 million to 46 states following a data breach that revealed the personal information of approximately 180,000 employees and customers. The company revealed in March 2020 that an unauthorized actor had gained access to the data, but it first became aware of suspicious activity nearly a full year before it reported the breach. As part of the settlement, Carnival will be required to implement higher email security practices, implement and maintain a breach response and notification plan, and submit to an independent security assessment. GA AG; NC AG; NY AG
Tagged in: Cybersecurity and Data Breaches,