Category: U.S.

Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation

Posted on by Dissent

It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was other news concerning the cruise line this week, too. On Friday, the New York…

Read more

New York State School District Audits Released in June

Posted on by Dissent

New York State Comptroller DiNapoli released more school district audits in June. As always, some of the audits do not reveal all the concerns or recommendations. Some concerns or recommendations are shared with districts confidentially for security reasons. Here are summaries of audits of school districts released in June that relate to school district IT:…

Read more

FTC Finalizes Action Against CafePress for Covering Up Data Breach, Lax Security

Posted on by Dissent

CafePress Must Bolster Data Security Protections, Pay Half a Million Dollars The Federal Trade Commission finalized an order against CafePress over allegations that it failed to secure consumers’ sensitive personal data including Social Security numbers and covered up a major data breach. The Commission’s order requires the company to bolster its data security and requires its former…

Read more

Maryland Amends Data Security and Breach Notice Obligations

Posted on by Dissent

Julia K. Kadish, Kari M. Rollins, and Liisa M. Thomas of Sheppard, Mullin, Richter & Hampton LLP write: Maryland recently passed two companion bills amending the state’s Personal Information Protection Act. The bills modify the data breach notification requirements and scope of businesses subject to the data security requirements. The key changes are summarized below, and will…

Read more