Carnival Cruises To Pay $1.25 Million Fine

Written by Mike Boutwell

August 5, 2022

A compromise in the sum of $1.25 million dollars has been reached between Carnival Cruise Line and the 46 individual attorneys general who brought the lawsuit against the company. The breach of data that led to the settlement put the personal information of about 180,000 workers and customers of Carnival across the country at risk. The settlement was reached as a result of the incident.

In August of 2020, Carnival made the announcement that there had been a data breach that resulted in unauthorized individuals or organizations having access to the email accounts of some Carnival employees.

Among the information that was stolen in the attack were people’s names, addresses, passport numbers, driver’s license numbers, credit card information, health information, and Social Security Numbers.

Among the information that was stolen during the event were people’s names, residences, passport numbers, driver’s license numbers, credit card information, health information, and a relatively small number of Social Security Numbers.

Carnival announced in March of 2020 that it has rapidly proceeded to end the infiltration and resume normal operations. At that time, the company alerted the relevant authorities, retained the services of a cybersecurity organization to conduct an investigation into the matter, and carried out preventative maintenance in order to block any additional unauthorized access.

As it turns out, the breach occurred before August 2020, maybe as early as May 2019. This is according to a press statement that was published by a coalition of 46 attorneys general.

According to the breach warnings sent to attorneys’ general offices, Carnival was made aware of potentially malicious email activity for the first time in late May of 2019, nearly ten months before the company disclosed the data breach. An investigation has been started in a number of jurisdictions, with a special emphasis on the email security protocols that Carnival employs and the company’s adherence with applicable state breach reporting rules.

When Carnival Cruise Line and its sibling lines came under attack, a breach of unstructured data occurred on both of their systems. These kinds of security lapses are typically caused when employees save sensitive information in emails or on other unprotected platforms, and then that information is obtained by the wrong people and used in an inappropriate manner.

In the year 2020, the month of August saw an incident with ransomware taking place at Carnival Corporation. During the course of this assault, several different files were both encrypted and downloaded. P&O Cruises and its sister line, Cunard Line, both posted announcements on their respective websites about an issue that affected their information technology (IT) systems as well as their phone lines at this precise time period.

A cyberattack occurred on December 29, 2020, and the victim of the attack was the German cruise operator AIDA Cruises, which Carnival Corporation owns. As a result of the attack, the company’s phone lines and a large number of its information technology systems were rendered inoperable.

Once March of 2021 arrived, Carnival Cruise Line discovered that they had been the victims of yet another data breach. Because of the breach in security, the personal information of some passengers, employees, and crew members of Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations was made public. This included both patients and medical personnel.

In the worst possible scenario, a strategically positioned hack might result in safety issues for the vessel’s passengers, crew, and even the vessel itself. This is especially alarming considering the increasing reliance of ships on cloud interfaces.

You May Also Like…