Bloomberg Law
June 24, 2022, 4:07 PMUpdated: June 24, 2022, 4:33 PM

New York Fines Carnival $5 Million Over Data Security Lapses (1)

Andrea Vittorio
Andrea Vittorio

Carnival Corp. must pay a $5 million penalty to New York state over a breach of customer data that violated the state’s cybersecurity rules.

The cruise line was fined for lapses in security technology and training and for failing to promptly disclose a 2019 cybersecurity incident that exposed the personal information of Carnival customers, according to New York’s Department of Financial Services.

The company earlier this week reached a $1.25 million data breach settlement with 45 states and the District of Columbia, their attorneys general announced.

Carnival was subject to the New York financial watchdog’s cybersecurity regulation because the company ...