BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Carnival fined $5 million by New York for cybersecurity violations


(Reuters) — A New York state regulator on Friday fined cruise line operator Carnival Corp. $5 million for “significant” cybersecurity violations, following four security breaches from 2019 to 2021 that exposed substantial amounts of sensitive customer data.

New York's Department of Financial Services said Carnival violated a state cybersecurity regulation by failing to use multi-factor authentication that would make it harder for wrongdoers to access its internal network.

It also said Carnival failed to report one breach and conduct adequate cybersecurity awareness training for employees.

The regulator said the failures caused Carnival to file improper cybersecurity compliance certifications from 2018 to 2020.

Carnival was at the time licensed to sell insurance in New York, which the Miami-based company no longer does.

 Two of the breaches involved ransomware attacks, the regulator said.

In a statement, Carnival said it cooperated with the regulator and admitted no wrongdoing.

Carnival's brands include Costa, Cunard, Holland America, Princess and Seabourn.

The company reached a separate $1.25 million settlement on Thursday with the attorneys general of 45 U.S. states and Washington D.C. over one of the breaches.

Earlier on Friday, Carnival said it expected occupancy levels to return to historical levels in 2023, and at higher prices, as more travelers return to the seas despite the COVID-19 pandemic.