A New York state regulator fined cruise line operator Carnival Corp $5 million on Friday for cybersecurity violations that exposed customer data.
A New York state regulator fined cruise line operator Carnival Corp $5 million on Friday for cybersecurity violations that exposed customer data.
The regulator said that the lapses caused the company to file improper cybersecurity compliance certifications from 2018 to 2020.
The Department of Financial Services said its investigation uncovered evidence that the Carnival companies had been the subject of four cybersecurity events between 2019 and 2021, including two ransomware attacks. These events involved unauthorised access to the companies’ information systems. According to DFS, the companies violated the DFS cybersecurity regulations by failing to implement multi-factor authentication, failing to report the first cybersecurity event promptly, and failing to conduct adequate cybersecurity training for the companies’ personnel.
As per the department, during the incidents, the Carnival Companies were licensed insurance producers in New York state, sold various travel insurance products and thus were subject to DFS’s cybersecurity regulation.
Carnival Corp. operates Cruise Line, Princess Cruise Lines, Holland America Line, Seabourn Cruise Line, and Costa Cruises Lines.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?