Multistate Reaches Settlement with Carnival over 2019 Data Breach

Cozen O'Connor
Contact

Cozen O'Connor

  • AGs from 46 states reached a $1.26 million settlement with Carnival Corporation and three of its subsidiaries (collectively “Carnival”) to resolve allegations that Carnival violated state consumer protection and personal information protection laws when deficiencies in its information security program contributed to a 2019 data breach that compromised the personal information of approximately 180,000 Carnival employees and customers.
  • The multistate investigation revealed that in March 2020, Carnival reported a data breach in which an unauthorized user obtained access to Carnival employee e-mail accounts. Employee and customer names, addresses, passport numbers, driver’s license numbers, payment card information, health information, and some Social Security numbers were compromised as a result of the breach. It was also revealed that Carnival first became aware of suspicious email activity in May 2019, but did not report it for approximately 10 months.
  • In addition to paying $1.25 million to the participating states, the Assurance of Voluntary Compliance also requires that Carnival develop, implement and maintain a comprehensive information security program that contains specific security requirements. Such requirements include the development and implementation of personal information retention policies, email filtering protections, multi-factor authentication, encryption policies, logging and monitoring controls, employee privacy training, access and password controls, audit protocols, and annual risk assessments, among other things. The company must also obtain an information security risk assessment from an independent third party within 18 months of the agreement effective date.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cozen O'Connor | Attorney Advertising

Written by:

Cozen O'Connor
Contact
more
less

Cozen O'Connor on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.