Carnival Cruise Lines has been fined $5 million for cyber security violations involving customer data from 2019 to 2021.
“New York's Department of Financial Services said Carnival violated a state cybersecurity regulation by failing to use multi-factor authentication that would make it harder for wrongdoers to access its internal network.” (Reuters).
In 2020, a ransomware attack occurred against the company, leaving the data vulnerable.
“Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.” (The Register).
The company also suffered numerous other cyber security mishaps.
“Carnival failed to report one breach and conduct adequate cybersecurity awareness training for employees. The regulator said the failures caused Carnival to file improper cybersecurity compliance certifications from 2018 to 2020. Carnival was at the time licensed to sell insurance in New York, which the Miami-based company no longer does. Two of the breaches involved ransomware attacks, the regulator said.” (Reuters).
Carnival owns many other brands.
“Carnival's brands also include Costa, Cunard, Holland America, Princess and Seabourn. The company reached a separate $1.25 million settlement on Thursday with the attorneys general of 45 U.S. states and Washington, D.C. over one of the breaches.” (Reuters).
The customers and employees that suffered at the hands of these incidents are the main concern.
“‘A data breach exposing personal data allows bad actors to, among other things, commit identity theft, which can have significant repercussions on an individual's financial health,’ DFS Superintendent Adrienne Harris said in a statement. ‘It is critical that companies take appropriate action to protect consumers' personal information.’” (The Register).
Have any questions about cyber-security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida, Roanoke, Virginia, and Raleigh South Carolina. Service offerings include I.T. support, cyber-security and compliance, telephony, cloud services, cabling, access control, and camera systems. Our company’s mission is to provide world-class customer service through industry leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.
Also, attend a Cyber Summit! Responsive Technology Partners hosts widespread Cyber Summits across all residing states, including Augusta, Georgia on Friday, July the 29th. The summit is a Cybersecurity Seminar featuring experts in Homeland Security, FBI, Cyber Insurance, Email Phishing Attacks and more, addressing business's cyber protection concerns. All attendees will receive a comprehensive Network Assessment that will identify weaknesses in your network, cloud environment and policies & procedures valued at $2,500. Attendance is free and there is no cost to register. The Augusta Summit will be held at the Richmond on Greene event center from 11:30am-5:00pm.
Sources:
The Register. https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/
