New York’s Department of Financial Services has fined cruise line operator Carnival $5 million for “significant cybersecurity violations.
According to the regulator, Carnival violated several cybersecurity laws, including the company’s failure to enable multi-factor authentication.
The cybersecurity violations were uncovered in the four breaches reported by the company between 2019 and 2021, which exposed significant amounts of sensitive customer data.
The state regulator said Carnival failed to report a breach and adequately train its cybersecurity staff. Carnival failed to comply with cybersecurity rules, which led to the company filing improper cybersecurity compliance certifications from 2018 to 2020.
Despite the allegations, Carnival did not admit any wrongdoing and said data privacy and protection were “extremely important” to the company.
The increasing rate of cyber intrusions is forcing both security agencies and organizations to increase security, and one of the ways to do this is to enable two-factor authentication. Two-factor authentication is an extra layer of security added to the log-in process.
The sources for this piece include an article in Reuters.