![]() ![]() On June 23, 2022, the Connecticut Office of the Attorney General, along with 45 other attorneys generals, also announced a separate $1.25 million multistate settlement with Carnival Cruise Line (Carnival) that was reached in response to a 2019 data breach of Carnival’s system that compromised the personal information of approximately 180,000 Carnival employees and customers nationwide. Based on its discovery of cybersecurity events associated with Carnival Companies’ systems in 2019, 20, the DFS determined that the companies failed to implement adequate risk-based policies and procedures between 20 and improperly certified in each of these years that their cybersecurity program was in compliance with NY cybersecurity regulations. The NY DFS also requires companies to implement risk-based policies, procedures and controls that detect unauthorized access of their systems (Section 500.14(a)) and certify annually that they are in compliance with NY cybersecurity regulations (Section 500.17(b)). Based on these findings, the DFS determined that the Carnival Companies violated several Regulation provisions when it failed to implement multi-factor authentication as a “first line of defense” (Section 500.12(b)) failed to notify the DFS of a cybersecurity event within 72 hours (Section 500.17(a)) and failed to adequately provide cybersecurity awareness training for all personnel (Section 500.14(a)). New York’s DFTS Cybersecurity Regulation was initially implemented in March 2017, and after receiving input from nearly 200 cybersecurity experts and regulated banking and insurance companies, became fully effective in March 2019.Īccording to the NY DFS, its investigation of Carnival Companies uncovered evidence that the companies had four separate cybersecurity events between 20 involving unauthorized access of the companies’ information systems, including two ransomware attacks, which led to the exposure of customers’ sensitive, non-public and personal information (NPI). ![]() Meatpacker JBS USA’s operations were disrupted earlier this month due to a cyberattack.Ĭarnival was also hit by a ransomware attack last year, which affected the information technology systems of one of its brands.On June 24, 2022, the New York Superintendent of the Department of Financial Services (DFS), Adrienne Harris, announced that a $5 million penalty was imposed upon Carnival Corporation d/b/a Carnival Cruise Line, Princess Cruise Lines, Holland America Line, Seaborn Cruise Line and Costa Cruise Lines (the Carnival Companies) for violating New York’s first-in-the-nation Cybersecurity Regulation, 23 NY CRR § 500. The disclosure from the company comes at a time United States has witnessed a spate of increasingly bold cyberattacks on critical infrastructure.Ī ransomware attack on Colonial Pipeline last month temporarily stalled one of the country’s major arteries for fuel delivery. Technology news portal Bleeping Computer first reported the breach. Miami-based Carnival also said it alerted individuals whose data had been compromised and set up a call center to respond to their queries. ![]() "There is evidence indicating a low likelihood of the data being misused," the company added. ![]() The breach affected personal information of some guests, employees and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations, Carnival said. The company, whose shares were down over 2%, noticed the suspicious activity on March 19 and acted quickly to "to shut down the event and prevent further unauthorized access", it said in an emailed statement. June 17 (Reuters) - Cruise operator Carnival Corp (CCL.N) said on Thursday it had detected unauthorized access to its computer systems in March, after which it alerted regulators and hired a cybersecurity firm to investigate the breach. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |