NYDFS penalizes Carnival $5M for cybersecurity failures
By 
Jeff Dale2022-06-27T16:18:00
The New York State Department of Financial Services announced a $5 million penalty against Carnival Corp. for “significant” cybersecurity failures, including not implementing basic protocols to prevent four separate data breaches from 2019-21.
Related articles
-
ArticleEyeMed fined $4.5M over cybersecurity lapses that led to breach
EyeMed Vision Care agreed to pay $4.5 million as part of a settlement with the New York State Department of Financial Services for cybersecurity control failures that helped enable a 2020 data breach.
-
Article
Carnival reaches $1.25M settlement over 2019 data breach
Carnival Cruise Line reached a $1.25 million settlement with 46 attorneys general stemming from its 2019 data breach that involved the personal information of 180,000 Carnival employees and customers nationwide.
-
ArticleBig week for breaches: McDonald’s, Carnival, and more
Multiple high-profile companies—including Carnival, Wegmans, McDonald’s, Volkswagen, and CVS—have confirmed in recent days they were either victims of a data breach or were alerted to a gap in their security controls.
More from Regulatory Enforcement
-
ArticleTractor Supply Company hit with $1.35M fine for alleged California privacy violations
Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
-
Basic PageLuminUltra fined $685K by BIS for illegal shipment to Iran
A single $33,000 shipment to Iran triggered a six-figure penalty and years of compliance oversight for biotechnology company LuminUltra Technologies, Inc.
-
News BriefFTC secures $5.7M settlement after business data provider repeatedly broke compliance order
The Federal Trade Commission (FTC) accused business credit reporting company Dun & Bradstreet of failing to comply with the commission’s 2022 order.