COLUMBIA, S.C. (WBTW) — South Carolina will receive $20,500 as part of a $1.25 million settlement from Carnival Cruise Line following a 2019 data breach, South Carolina Attorney General Alan Wilson announced Wednesday afternoon.
Forty-six states have received part of a settlement from the Florida-based business. Information was stolen about 2,259 South Carolinians, who have been notified.
The company reported in March 2020 that an “unauthorized actor” had access to some Carnival employees’ email accounts. It waited 10 months after it found out about the breach to report it.
The breach included the names, addresses, passport numbers, driver’s license numbers, card information, health information and some Social Security numbers, according to Wilson. It impacted about 180,000 employees and customers.
“What happened in this case is a reminder that it could happen to any other business, so it’s important for businesses to take preventive measures to protect the private information of their customers,” Wilson said in the written announcement. “They also need to follow regulations about notifying consumers promptly when there is a breach of private information.”
Carnival is required to strengthen its email security and breach response protocols, according to the announcement. Other measures include creating a breach response and notification plan, requiring email security training for employees, using multi-factor authentication for remotely accessing emails and requiring strong passwords, among others.