over one of the breaches.Įarlier on Friday, Carnival said it expected occupancy levels to return to historical levels in 2023, and at higher prices, as more travelers return to the seas despite the COVID-19 pandemic. The company reached a separate $1.25 million settlement on Thursday with the attorneys general of 45 U.S. In a statement, Carnival said it cooperated with the regulator and admitted no wrongdoing, and that data privacy and protection were "extremely important" to the company.Ĭarnival's brands also include Costa, Cunard, Holland America, Princess and Seabourn. Two of the breaches involved ransomware attacks, the regulator said. ![]() The regulator said the failures caused Carnival to file improper cybersecurity compliance certifications from 2018 to 2020.Ĭarnival was at the time licensed to sell insurance in New York, which the Miami-based company no longer does. It also said Carnival failed to report one breach and conduct adequate cybersecurity awareness training for employees. New York's Department of Financial Services said Carnival violated a state cybersecurity regulation by failing to use multi-factor authentication that would make it harder for wrongdoers to access its internal network. This specific attack came after a data breach disclosed in March 2020 also leading to the exposure of customers’ personal and financial information after threat actors gained access to Carnival employees’ email accounts.NEW YORK, June 24 (Reuters) - A New York state regulator on Friday fined cruise line operator Carnival Corp (CCL.N) $5 million for "significant" cybersecurity violations, following four security breaches from 2019 to 2021 that exposed substantial amounts of sensitive customer data. Only two months after this incident took place the company declared in a separate SEC filed that the ransomware gang behind the August attack gained access to the personal information of both customers and employees during the attack, leaving roughly 37,500 individuals affected by this ransomware attack, according to info filed by Carnival with the Office of Maine’s Attorney General. Just last year, a ransomware attack hit Carnival, the incident being confirmed by the cruise line operator in an 8-K form filed with the US Securities and Exchange Commission (SEC). Not the First Cybersecurity Incident for Carnival The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the Company, including COVID or other safety testing.Ĭarnival disclosed that in the accessed information can be found the names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like Social Security or national identification numbers, therefore the cruise line operator warned all impacted customers, employees, and Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations crew in regards to the data breach. ![]() It appears that in mid-March, the unauthorized third party gained access to certain personal information relating to some of our guests, employees, and crew. ![]() It looks like the Carnival Cruise data breach happened after the attackers managed to gain access to some of its IT systems that were containing personal, financial, and health information belonging to customers, employees, and crew.Ĭarnival is operating nine of the world’s leading cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and Seabourn) and a travel tour company (Holland America Princess Alaska Tours), and is included in both S&P 500 and FTSE 100 stock market indices, having over 150,000 employees in 150 countries, and providing leisure travel to more than 13 million guests each year.Īccording to the statement provided by Carnival, unauthorized third-party access to a limited number of email accounts was detected on March 19, 2021. Carnival Corporation is the world’s largest cruise ship operator, and another large company that discloses the fact that it was affected by a data breach.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |