Advertisement

Michigan to receive $29k in 2019 Carnival Cruise settlement

Michigan will receive more than $29,000 as part of a $1.25 million multistate settlement with...
Michigan will receive more than $29,000 as part of a $1.25 million multistate settlement with Carnival Cruise Line.(Source: Carnival Cruise Line via MGN)
Published: Jun. 23, 2022 at 11:57 AM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

LANSING, Mich. (WNEM) - Michigan will receive more than $29,000 as part of a $1.25 million multistate settlement with Carnival Cruise Line.

In March 2020, the Florida-based cruise company publicly reported a data breach in which an unauthorized person gained access to certain Carnival employee and customer email accounts.

The breach included names, addresses, debit/credit card information and some Social Security numbers of approximately 180,000 Carnival employees and customers across the country, according to Michigan Attorney General Dana Nessel.

In Michigan, 3,817 residents were impacted.

Breach notifications sent to attorneys general offices stated Carnival first became aware of suspicious email activity in late May of 2019 - approximately 10 months before Carnival reported the breach. A multistate investigation ensued, focusing on Carnival’s email security practices and compliance with state breach notification statutes.

Under the settlement, Carnival has agreed to a series of provisions designed to strengthen its email security and breach response practices going forward. Those include:

· implementation and maintenance of a breach response and notification plan;

· email security training requirements for employees, including dedicated phishing exercises;

· multi-factor authentication for remote email access;

· password policies and procedures requiring the use of strong, complex passwords, password rotation, and secure password storage;

· maintenance of enhanced behavior analytics tools to log and monitor potential security events on the company’s network; and

· consistent with past data breach settlements, undergoing an independent information security assessment.

Michigan will receive $29,016.47 from the settlement.