From Michigan Department of Attorney General <[email protected]>
Subject AG Nessel Joins $1.25 Million Settlement Over 2019 Carnival Cruise Line Data Breach
Date June 23, 2022 2:49 PM
  Links have been removed from this email. Learn more in the FAQ.
  Links have been removed from this email. Learn more in the FAQ.
Attorney General Dana Nessel

*Media contact:*
AG Press <[email protected]>

*FOR IMMEDIATE RELEASE:*
Thursday, June 23, 2022

AG Nessel Joins $1.25 Million Settlement Over 2019 Carnival Cruise Line Data Breach

"Michigan to Receive More than $29,000?"

*LANSING* ? Michigan Attorney General Dana Nessel joined 45 other attorneys general to secure a $1.25 million multistate settlement with Florida-based Carnival Cruise Line stemming from a 2019 data breach that involved the personal information of approximately 180,000 Carnival employees and customers nationwide. Michigan will receive $29,016.47 from the settlement.?

In March 2020, Carnival publicly reported a data breach in which an unauthorized actor gained access to certain Carnival employee e-mail accounts. The breach included names, addresses, passport numbers, driver?s license numbers, payment card information, health information, and a relatively small number of Social Security Numbers. In Michigan, 3,817 residents were impacted.?

Breach notifications sent to attorneys general offices stated that Carnival first became aware of suspicious email activity in late May of 2019?approximately 10 months before Carnival reported the breach. A multistate investigation ensued, focusing on Carnival?s email security practices and compliance with state breach notification statutes.?

?Unstructured? data breaches like the Carnival breach involve personal information stored via email and other disorganized platforms. Businesses lack visibility into this data, making breach notification more challenging?and consumer risk rises with delays.?

?I?m proud to join my colleagues in securing more than a million dollars from Carnival related to this data breach,? Nessel said. ?Just as important are the new policies Carnival agreed to, which will better protect their employees? and customers? personal information. We must ensure large companies and corporations prioritize data security just as they would profits.??

Under the settlement, Carnival has agreed to a series of provisions designed to strengthen its email security and breach response practices going forward. Those include:


* implementation and maintenance of a breach response and notification plan;
* email security training requirements for employees, including dedicated phishing exercises;
* multi-factor authentication for remote email access;
* password policies and procedures requiring the use of strong, complex passwords, password rotation, and secure password storage;
* maintenance of enhanced behavior analytics tools to log and monitor potential security events on the company?s network; and
* consistent with past data breach settlements, undergoing an independent information security assessment.?

The settlement?s Michigan agreement is now available on the Department of Attorney General website [ [link removed] ].?

Connecticut, Florida, and Washington co-led the investigation and were assisted by Alabama, Arizona, Arkansas, Ohio, and North Carolina. ?

The other attorneys general to join include Alaska, Colorado, Delaware, the District of Columbia, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, West Virginia, Wisconsin, and Wyoming.?

###

________________________________________________________________________

Michigan Department of the Attorney General ? Questions?
? Contact Us [ [link removed] ]

STAY CONNECTED: Visit us on Facebook [ [link removed] ] Visit us on Twitter [ [link removed] ] YouTube [ [link removed] ] Sign up for email updates [ [link removed] ] ?

Bookmark and Share [ [link removed] ]

SUBSCRIBER SERVICES:
Manage Preferences [ [link removed] ]??|?Help [ [link removed] ]

________________________________________________________________________

This email was sent to [email protected] using GovDelivery Communications Cloud on behalf of: Michigan Attorney General ? G. Mennen Williams Building, 7th Floor?? 525 W. Ottawa St., P.O. Box 30212 ? Lansing, MI 48909?? 517-373-1100
Screenshot of the email generated on import

Message Analysis

  • Sender: n/a
  • Political Party: n/a
  • Country: n/a
  • State/Locality: n/a
  • Office: n/a
  • Email Providers:
    • govDelivery