Skip to Content
Colorado Attorney General

Phil Weiser

Colorado Attorney General

File A Complaint
  • About Us
    • Attorney General Bio & Photos
    • Vision & Values
    • Senior Staff & Organization
    • Colorado Attorney General Annual Report
    • Attorney General Opinions
    • Contact Our Office
  • Sections
    • Administration
    • Business & Licensing
    • Civil Litigation & Employment Law
    • Consumer Protection
    • Criminal Appeals
    • Criminal Justice
    • Natural Resources & Environment
    • Division of Community Engagement
    • Revenue & Utilities
    • State Services
  • Careers
    • Attorney & Other Non-Classified Positions
    • Fellowships
    • Internships
    • Classified Staff Positions
    • Other Opportunities to Join our Team
  • Media Center
    • Press Room
    • Colorado Open Records Act – CORA
  • Resources
    • Survivors of Childhood Sexual Abuse
    • Victim Assistance
    • Budget & Accounting
    • Colorado Privacy Act
    • Code of Colorado Regulations
    • Colorado Revised Statutes
    • Coronavirus Information
    • Data Protection Laws
    • Funding Opportunities
    • Office of Financial Empowerment
    • Student Loans
    • Transparency Online Project (TOPS)
  • Licensing
    • Business Resources
    • Collection Agencies & Debt Collectors
    • Colorado Uniform Consumer Credit Code: Licensing & Notification
    • Debt Management Services Providers
    • Health Club Bonds
    • Repossessors
    • Student Loan Servicers: Licensing
    • Telemarketing
  • Recursos en español

Attorney General Phil Weiser announces $1.25 million multistate settlement in Carnival data breach that exposed personal information of thousands of Coloradans

June 22, 2022 (DENVER)—Attorney General Phil Weiser today announced that Carnival, a cruise-based travel agency, will pay $24,752.87 to the state of Colorado in a $1.25 million multistate settlement after a 2019 data breach compromised the personal information of 3,037 Colorado residents. The company also agreed to implement additional data security safeguards to protect consumers’ information in the future.

“Protecting consumers’ personal information is not only required by law, but also is necessary to ensure people aren’t faced with identity theft and the many other problems that can arise when personal information is compromised,” Weiser said. “Businesses need be vigilant to protect the personal information of their customers and employees from the actions of hackers and others intent on stealing that information.”

In late May 2019, Carnival learned that an employee email address was used to spam other company email accounts. In an apparent business email compromise attack, the intruders compromised 124 Carnival employee email accounts. Ten months later, Carnival provided notice to more than 100,000 consumers nationwide whose personal information was found in the compromised email accounts, including the more than 3,000 Colorado residents.

In today’s settlement, Carnival agreed to implement several specific data security safeguards, including a comprehensive information security program and incident response and data breach notification plan to provide additional protections for consumers.

The settlement funds will be used for reimbursement of the state’s actual costs and attorneys’ fees, the payment of restitution, if any, and for future consumer fraud or antitrust enforcement, consumer education, or public welfare purposes.

Colorado joined a coalition of 45 states and the District of Columbia in this settlement.

Colorado law requires certain persons and entities to take reasonable steps to protect personal identifying information and dispose of personal identifying information when it is no longer necessary to keep it. For more information about Colorado’s data protection laws, click here.

Consumers who believe their personal information may have been compromised and their identity stolen, view Stop Fraud Colorado’s identity theft repair kit here.

###

Media Contact
Lawrence Pacheco
Director of Communications
(720) 508-6553 office | (720) 245-4689 cell
Lawrence.pacheco@coag.gov

Most Recent

Attorney General Phil Weiser calls SCOTUS abortion ruling “a momentous mistake,” reaffirms his commitment to steadfastly defend the Colorado Reproductive Health Equity Act

June 24, 2022 (DENVER)—Colorado Attorney General Phil Weiser released the following statement regarding the U.S. Supreme Court’s decision upending the right to access abortion care in Dobbs v. Jackson Women’s Health Organization: “Today, the U.S. Supreme Court overturned 50 years […]

Statement of Attorney General Phil Weiser on FDA's decision to order JUUL to stop selling e-cigarettes

June 23, 2022 (DENVER)—Attorney General Phil Weiser released the following statement regarding the Food and Drug Administration’s decision to order JUUL to stop selling e-cigarettes on the U.S. market: “As Colorado’s lawsuit against JUUL demonstrates, the company and its founders […]

Red Rocks Credit Union returns more than $300,000 in GAP refunds to Colorado consumers

June 23, 2022 (DENVER) – Attorney General Phil Weiser today announced that Red Rocks Credit Union refunded Coloradans more than $300,000 after the credit union failed to return money consumers were entitled to under state law for unearned guaranteed automobile […]

Office of the Attorney General
Colorado Department of Law
Ralph L. Carr Judicial Building
1300 Broadway, 10th Floor
Denver, CO 80203

(720) 508-6000

Contact the Office of the Attorney General

Contact

Facebook
Twitter