SC joins $1.25M settlement over Carnival Cruise data breach, attorney general says

COLUMBIA, S.C. — Attorney General Alan Wilson announced on Wednesday that South Carolina would join 45 other states and their attorney general in a $1.25 million multistate settlement with Florida-based Carnival Cruise Line, stemming from a 2019 data breach that involved the personal information of around 180,000 employees and customers nationwide.

South Carolina is set to receive $20,200.21 from the settlement.

Carnival publicly reported the data breach in March 2020, after an unauthorized person gained access to certain Carnival employee email accounts.

The breach included names, addresses, passport numbers, driver’s license numbers, payment card information, health information, and some Social Security numbers.

Over 2,000 South Carolinians were impacted by the breach.

The breach notifications stated that Carnival first became aware of the suspicious email activity in late May 2019, 10 months before it reported the breach.

“What happened in this case is a reminder that it could happen to any other business, so it’s important for businesses to take preventive measures to protect the private information of their customers,” Attorney General Wilson said. “They also need to follow regulations about notifying consumers promptly when there is a breach of private information.”

Under the settlement, Carnival has agreed to a series of provisions to strengthen its email security and breach response moving forward.

Carnival has agreed to implement a breach response and notification plan, email security training requirement for employees, multi-factor authentication for remote email access, password policies, maintenance of behavior analytics tools, and an independent information security assessment.

Click here to see the other states involved in the settlement.

(WATCH BELOW: Woman goes overboard on Carnival Valor cruise ship in Gulf, Coast Guard says)

Comments on this article