"Carnival Cruises Fined $5 Million for Cybersecurity Failures"

Carnival Cruise Lines will have to pay more than $6.25 million to settle two lawsuits brought by 46 states in the U.S. after a series of cyberattacks allowed hackers to access private information about customers and workers.  In 2019 the first breach happened as a result of a phishing email or password spray attack.  In April 2020, the company disclosed that hackers had not only encrypted some of its data but had also downloaded thousands of people's names and addresses, Social Security numbers, driver's license, and passport numbers, as well as their health and financial information, in almost every state in the U.S.  Between August 2020 and March 2021, there were three more breaches, two of which used ransomware and the other one involved phishing.  As part of the settlement, Carnival agreed to create training requirements for employees, conduct phishing-focused exercises, and use multifactor authentication (MFA) for remote access to corporate email.  Carnival is going to employ secure password storage systems, strong, complex passwords, and password rotating.  Carnival will also be implementing third-party security evaluations and advanced behavior analytics tools to log and watch for potential security incidents on the Carnival network.

iTech Post reports: "Carnival Cruises Fined $5 Million for Cybersecurity Failures"