South Carolina joins multistate settlement in Carnival Cruise Line data breach
/cloudfront-us-east-1.images.arcpublishing.com/gray/V7TSE4LQRNDYXGPL4BCXJN4ULA.jpg)
COLUMBIA, S.C. (WIS) - South Carolina joined 45 other states in a settlement against Carnival Cruise Line in relation to a 2019 data breach.
The Florida based company agreed to pay $1.25 million in the settlement. South Carolina will receive $20,500.21 from the action.
In March of 2020 the company reported an unauthorized access to employee e-mail accounts. The breach included names, addresses, passport numbers, driver’s license numbers, payment card information, health information and a number of Social Security numbers. The breach impacted 2,259 South Carolinians.
In total, roughly 180,000 employees and customers of the company had their information accessed.
Carnival initially became aware of the suspicious email activity in late May of 2019. South Carolina Attorney General Alan Wilson said investigation revealed the company waited approximately 10 months before reporting the breach.
As part of the settlement the company has agreed to strengthen their digital security. These include:
- Implementing a plan for future breaches
- Email security training for employees
- Multi-factor authentication for remote email access
- Stronger password policies and rotations for their company
- Behavior analytics and enhanced monitoring for the company’s network
- Independent information security assessment
The breach is classified as “unstructured”, meaning it involved personal information stored on email on other disorganized platforms. This makes it difficult for businesses to clearly see the data, making risks to customers higher and breaches more difficult to track.
Wilson said, “What happened in this case is a reminder that it could happen to any other business, so it’s important for businesses to take preventive measures to protect the private information of their customers.”
He continued, “They also need to follow regulations about notifying consumers promptly when there is a breach of private information.”
Copyright 2022 WIS. All rights reserved.
Notice a spelling or grammar error in this article? Click or tap here to report it. Please include the article’s headline.
/cloudfront-us-east-1.images.arcpublishing.com/gray/654ZEPQ7XNEOJA54I2NEGECBLE.png)
/cloudfront-us-east-1.images.arcpublishing.com/gray/ML7DYMH7VREEDOUN4UIDZZVKWA.jpg)
/cloudfront-us-east-1.images.arcpublishing.com/gray/KCBW7PUTLZHYNEZKL5ITTKCRYQ.png)
/cloudfront-us-east-1.images.arcpublishing.com/gray/5VTJTC3CZRDT7CNKDHBYIJNCFY.jpg)
/cloudfront-us-east-1.images.arcpublishing.com/gray/PLCM4KKCKRHMLPU5E3CQERMDFY.jpg)
/cloudfront-us-east-1.images.arcpublishing.com/gray/CUUYYL2AGNAUPBKTPNIBLCSR6M.png)
/cloudfront-us-east-1.images.arcpublishing.com/gray/WBLUCDTQXBGWNDFK3Z5NC4GBMY.jpg)
/cloudfront-us-east-1.images.arcpublishing.com/gray/BORCH4ZCJNCCZGREFIYXLHLMK4.png)
/cloudfront-us-east-1.images.arcpublishing.com/gray/VI26EZXOLFHDXL6WOXVQHYYCSI.jpg)
/do0bihdskp9dy.cloudfront.net/03-25-2023/t_746703ab5f864a39ac91b729b0cc260e_name_file_1280x720_2000_v3_1_.jpg)