8/12/2023 0 Comments Carnival data breach 2021![]() ![]() “The impacted information includes data routinely collected during the guest experience and travel-booking process, or through the course of employment or providing services to the company, including COVID or other safety testing.” “It appears that in mid-March, the unauthorized third-party gained access to certain personal information relating to some of our guests, employees and crew,” Frizzell reportedly said. ![]() ![]() In a data breach notification letter sent to affected customers and first spotted by BleepingComputer, Carnival said that “unauthorized third-party access to a limited number of email accounts” was detected in mid-March.īut Carnival’s SVP and chief communications officer Roger Frizzell later told the news outlet that the attackers also gained access to “limited portions of its information technology systems.” It also operates Holland America Princess Alaska Tours, a tour company that sails around Alaska and the Canadian Yukon. Alabama, Arizona, Arkansas, Ohio, and North Carolina provided additional assistance and were joined by Alaska, Colorado, Delaware, the District of Columbia, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, West Virginia, Wisconsin, and Wyoming.Ĭarnival did not respond to a request for comment.Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew.Ĭarnival has quite the armada: Its cruise brands include Carnival Cruise Line, Princess Cruises, Holland America Line, Seabourn, P&O Cruises (Australia), Costa Cruises, AIDA Cruises, P&O Cruises (UK) and Cunard. The investigation was co-led by Connecticut, Florida, and Washington. “The CISO shall report security incidents to the audit committee in accordance with Carnival’s incident response plan.” “The CISO’s responsibilities shall also include reporting any security incident impacting 500 or more consumers in the United States to the chief executive officer, chief information officer, and chief operations officer within 48 hours of discovery,” the settlement stated. The CISO must have proper credentials, background, and expertise in information security and will oversee the implementation and maintenance of the company’s information security program. On top of these requirements, Carnival must employ a chief information security officer (CISO) going forward, according to the settlement. Undergoing an independent information security assessment.Maintenance of enhanced behavior analytics tools to log and monitor potential security events on the company’s network and.Password policies and procedures requiring the use of strong passwords, password rotation, and secure password storage.Multifactor authentication for remote email access.Email security training requirements for employees, including dedicated phishing exercises.Implementation and maintenance of a breach response and notification plan.On Wednesday, Carnival agreed to pay the fine for its alleged misconduct and comply with changes to strengthen its email security and breach response practices going forward, including: A multistate probe was launched, focusing on Carnival’s email security practices and compliance with data breach statutes. In March 2020, Carnival, through subsidiaries Holland America Line and Princess Cruises, reported the breach, in which names, addresses, passport numbers, driver’s license numbers, payment card information, health information, and a small number of Social Security numbers were exposed.Ĭarnival said it first became aware of suspicious email activity in May 2019, 10 months before publicly announcing the incident. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |