NEW YORK (Reuters) – A New York state regulator on Friday fined Carnival Corp $5 million over “significant” cybersecurity violations, as the cruise line operator suffered at least four cybersecurity events that exposed a substantial amount of sensitive, personal data belonging to its customers.
New York’s Department of Financial Services said Carnival violated a state regulation requiring greater oversight, reporting and training to prevent data breaches, including ransomware attacks, and as a result filed improper compliance certifications from 2018 to 2020.
(Reporting by Jonathan Stempel in New York; editing by Jonathan Oatis)