![]() ![]() “This matter also highlights the importance of promptly notifying the relevant government agencies and consumers when personal information is compromised, and I am pleased that we were able to reach a fair and reasonable settlement that addresses the conduct at issue. “It is imperative that businesses that collect or maintain sensitive personal information take every precaution to keep that information secure,” Attorney General Miyares said. More than 3,000 Virginia residents were impacted. According to breach notifications sent to attorneys general offices, Carnival first became aware of suspicious email activity in late May 2019 - approximately 10 months before Carnival reported the breach, which involved the personal information of around 180,000 Carnival employees and customers. In March 2020, Carnival publicly reported a data breach in which an unauthorized actor gained access to certain Carnival employee email accounts and personal information. Alabama, Arizona, Arkansas, Ohio, and North Carolina provided additional assistance and were joined by Alaska, Colorado, Delaware, the District of Columbia, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, West Virginia, Wisconsin, and Wyoming.Ĭarnival did not respond to a request for comment.More than 20,000 still without power in metro Richmond and Tri-Cities The investigation was co-led by Connecticut, Florida, and Washington. ![]() “The CISO shall report security incidents to the audit committee in accordance with Carnival’s incident response plan.” “The CISO’s responsibilities shall also include reporting any security incident impacting 500 or more consumers in the United States to the chief executive officer, chief information officer, and chief operations officer within 48 hours of discovery,” the settlement stated. The CISO must have proper credentials, background, and expertise in information security and will oversee the implementation and maintenance of the company’s information security program. On top of these requirements, Carnival must employ a chief information security officer (CISO) going forward, according to the settlement.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |