RALEIGH, N.C.(WNCN) – North Carolinians impacted by a Carnival Cruise data breach may be eligible to receive funds from a new settlement.
Attorney General Josh Stein announced Wednesday he has reached a $1.25 million multistate settlement with Carnival Cruise Line. In 2019, a data breach released personal information of about 180,000 Carnival employees and customers. More than 3,100 of those victims were North Carolinians.
Stein was part of the executive committee investigating Carnival. Of the more than $1 million settlement, North Carolina will receive $42,830.10.
“The ramifications of a data breach can be devastating for people whose identity and financial information is compromised and stolen,” said Stein said in a statement. “Companies that have our personal and financial information must do everything reasonably within their power to protect it from hackers. I’m pleased that Carnival is making changes to better safeguard people’s data.”
Carnival is accused of waiting 10 months to report the 2019 data breach.
They reported an unauthorized actor gained access to certain Carnival employee e-mail accounts.
The hackers were able to gain information from these emails that included passport numbers, driver’s license numbers, payment card information, health information, and Social Security Numbers.
Stein’s office said Carnival has agreed to strengthen its email security and breach response practices in the future.
They said the company plans to implement and maintaining a breach response and notification plan, monitor potential security events, put in place employee email security training, multi-factor authentication for remote email access, and stronger password policies, and undergoing an independent information security assessment.