[NY State appeared to gain jurisdiction via Carnival’s former insurance business.]
“New York’s Department of Financial Services said Carnival violated a state cyber security regulation by failing to use multi-factor authentication that would make it harder for wrongdoers to access its internal network.
It also said Carnival failed to report one breach and conduct adequate cyber security awareness training for employees.”
Source: Carnival fined US$5m for cyber security violations – Security – iTnews