(Updates with Carnival's response in the last two paragraphs.)
Carnival (CCL) is under investigation following an April data breach that compromised personal information of about 6 million people, Texas Attorney General Ken Paxton said in a statement Monday.
On April 14, Carnival's security team determined that social engineering techniques were used to deceive an employee and the unauthorized actor gained access to consumers' personal information, according to the statement.
Carnival submitted a data breach notification to the Office of the Attorney General 44 days after the breach, indicating that 800,060 Texas consumers were affected by the breach, per the statement.
A Carnival spokesperson said the company identified unauthorized access to a limited part of its IT system caused by a social engineering attack on a single user account in April. The company immediately blocked the activity, engaged third-party security experts and alerted law enforcement, the spokesperson added.
"We're notifying affected individuals and deeply regret any concern this causes. Protecting the privacy and security of personal data is a priority for us, and we've added new layers of security and monitoring on top of the comprehensive protections already in place. We'll also continue advancing our defenses against evolving threats. We will cooperate fully with the Attorney General's office and provide whatever information is needed," the spokesperson said.
Price: $30.33, Change: $-0.55, Percent Change: -1.77%