Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks

Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyberattacks. A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders …

  1. Vir_Floridanus

    It’s enough to make you want to keel over

    1. UCAP Silver badge

      It will definitely give senior management a sinking feeling.

    2. sanmigueelbeer Silver badge

      US$6million is an amount you don't want to toot your horn.

      I could use that U$6mil to splash around and make waves.

    3. Korev Silver badge
      Coat

      Was it a phishing boat to blame?

    4. tip pc Silver badge

      They seem all at sea about this issue.

  2. Lis

    From the article

    Quote, "This settlement sends the message that companies need to take stock of what information they maintain and take reasonable steps to protect that information," unquote.

    Seriously? SERIOUSLY?

    The only message this will send is "as you were and just suck up the pathetic fines".

    And just what is the point of fining the company? They will just increase the prices they charge to cover the cost. Now if the boardroom members were personally fined.... Oh fuck the fines, just bung them in prison. Maybe it really is the only way to be sure.

    Ishy

    1. Doctor Syntax Silver badge

      Re: From the article

      "They will just increase the prices they charge to cover the cost."

      Competition should be able to prevent that...."also owns Costa, Cunard, Holland America, Princess and Seabourn". Hmm. Maybe time for a monopolies investigation.

      1. Roj Blake

        Re: From the article

        In terms of market share, Carnival are only just ahead of Royal Caribbean. Other players in the market include Norwegian, MSC, and a whole host of smaller lines.

  3. Pascal Monett Silver badge
    Flame

    "Carnival didn't admit to any wrongdoing"

    Really ?

    You have a laundry list of fuckups and you don't admit that you fucked up ?

    There should be jail time for the idiot that spouted that nonsense.

    1. Doctor Syntax Silver badge

      Re: "Carnival didn't admit to any wrongdoing"

      That's the trouble with civil settlements like these, such statements can't be construed as contempt of court.

    2. EricB123 Bronze badge

      Re: "Carnival didn't admit to any wrongdoing"

      But that would be so anti-business!

  4. Doctor Syntax Silver badge

    What's needed are a few cases with penalties sufficient to bring down the company. Nothing less than seeing poor security as a threat to the entire business will grab some boards' attention.

  5. Jimmy2Cows Silver badge

    ...employee credit card numbers – were downloaded

    Why on Earth would they hold employee credit card numbers? Customer card numbers, sure. But their own staff?

    Could be company credit cards, but then surely the article would've stated it thusly.

  6. EnviableOne Silver badge

    rotating passwords

    really doesn't work. it just drives bad behaviour (I'll add 1 to the number on the end)

    the AGs should really read the NIST SP 800-63b

    "Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."

    1. Anonymous Coward

      Re: rotating passwords

      I'm dealing with that right now. We have a large customer that, in their due diligence, is insisting that we put password rotation back in place. I've sent them that exact NIST reference you quoted along with a paper from SANS institute explaining the same thing.

      Even the boneheads at PCI finally gave up this stupid idea.

      1. EnviableOne Silver badge

        Re: rotating passwords

        a couple more resources to throw at the auditors:

        https://www.ncsc.gov.uk/collection/passwords

        https://www.ncsc.gov.uk/blog-post/your-password-expiry-policy-may-have-reached-its-expiry-date

        https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

  7. sitta_europea

    More than once I've asked the Register about this.

    There is no doubt what this article's stock headline image depicts.

    https://upload.wikimedia.org/wikipedia/commons/thumb/c/ca/Titanic_Starboard_View_1912.gif/400px-Titanic_Starboard_View_1912.gif

    Please don't use even - perhaps especially - cartoon images of the Titanic flippantly.

    It's offensive.

    More than 1500 people died in that disaster and it's most disrespectful to the memory of the victims and their families and friends.

    And it marks you out as jerks.

  8. jvf

    SSDD

    Been on several Carnival cruises and had a blast every time. Fortunately, we had to postpone our last attempt several years ago or we might have been aboard the ship that lost a generator and had to be towed ignominiously back to port after a few days of hell for everyone (whew!). So, if they got my info it’s seriously out of date.

    But, it points to a very depressing situation: It seems like every major company, no matter what the industry, is run by imbeciles. As I’ve lamented before, it’s a Beavis and Butthead world now and they run the show. It’s also another reason I don’t bother chasing cell phone or ISP providers or OS systems in an attempt to go with a more honest or environmentally oriented corporate structure. They all suck. Pick one, hold your nose and get on with life.
