Breaking News

Dayton home healthcare provider denied $133K in overtime to 63 workers, falsified pay records to mask violations, federal investigation finds US Department of Labor seeks Maine building construction industry’s input for wage survey to establish accurate prevailing wage rates US Department of Labor investigation recovers $124K for 40 workers of Hampton Beach clothing retailer, assesses $18K in penalties US Department of Labor investigation into Temple worker’s partial arm amputation finds employer again ignored machine safety procedures Del Rio Sector Border Patrol Agents Arrest Sex Offender Utah’s ongoing response to drought Administrator Samantha Power Meets with Middle East and North Africa Leaders on Regional Food Security | Press Release Statement from U.S. Secretary of Commerce Gina Raimondo on New Rule Protecting Americans’ Pensions

For Immediate Release:
Wednesday, June 22, 2022

Nazneen Ahmed (919) 716-0060

(RALEIGH) Attorney General Josh Stein today reached a $1.25 million multistate settlement with Florida-based Carnival Cruise Line stemming from a 2019 data breach that involved the personal information of approximately 180,000 Carnival employees and customers, including 3,139 North Carolinians. Attorney General Stein was part of the executive committee investigating Carnival. North Carolina will receive $42,830.10.

“The ramifications of a data breach can be devastating for people whose identity and financial information is compromised and stolen,” said Attorney General Josh Stein. “Companies that have our personal and financial information must do everything reasonably within their power to protect it from hackers. I’m pleased that Carnival is making changes to better safeguard people’s data.”

In March 2020, Carnival publicly reported a data breach in which an unauthorized actor gained access to certain Carnival employee e-mail accounts. The breach included names, addresses, passport numbers, driver’s license numbers, payment card information, health information, and a relatively small number of Social Security Numbers.

In its breach notification, Carnival stated that it first became aware of suspicious email activity in late May 2019, approximately 10 months before it reported the breach. In their investigation, the attorneys general focused on Carnival’s email security practices and compliance with state breach notification statutes. “Unstructured” data breaches like the Carnival breach involve personal information stored via email and other disorganized platforms. Businesses lack visibility into this data, making breach notification more challenging—and consumer risk rises with delays.

Carnival has agreed to strengthen its email security and breach response practices going forward, including by implementing and maintaining a breach response and notification plan, monitoring potential security events, putting in place employee email security training, multi-factor authentication for remote email access, and stronger password policies, and undergoing an independent information security assessment.

Attorney General Stein is joined in reaching this settlement with the Attorneys General of Connecticut, Florida, Washington, Alabama, Arizona, Arkansas, Ohio, Alaska, Colorado, Delaware, the District of Columbia, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, West Virginia, Wisconsin, and Wyoming.

A copy of the settlement is available here.


Source link