Skip to Main Content
Colorado Attorney General

Phil Weiser

Colorado Attorney General

File A Complaint
  • About Us
    • Attorney General Bio & Photos
    • Vision & Values
    • Senior Staff & Organization
    • Colorado Attorney General Annual Report
    • Attorney General Opinions
    • Budget & Accounting
    • Contact Our Office
  • Sections
    • Administration
    • Civil Litigation & Employment Law
    • Consumer Protection
    • Criminal Appeals
    • Criminal Justice
    • Natural Resources & Environment
    • Division of Community Engagement
    • Revenue & Regulatory Law
    • State Services
  • Careers
    • Attorney & Other Non-Classified Positions
    • Fellowships
    • Internships
    • Classified Staff Positions
    • Other Opportunities to Join our Team
  • Media Center
    • Press Room
    • Colorado Open Records Act – CORA
  • Resources
    • Survivors of Childhood Sexual Abuse
    • Victim Assistance
    • Colorado Privacy Act
    • Data Protection Laws
    • Violence Prevention Trainings and Resources
    • Funding Opportunities
    • Office of Financial Empowerment
    • Code of Colorado Regulations
    • Colorado Revised Statutes
    • Transparency Online Project (TOPS)
  • Licensing
    • Business Resources
    • Collection Agencies & Debt Collectors
    • Credit Services Organizations
    • UCCC Licensing & Notification
    • Debt Management Services Providers
    • Health Club Bonds
    • Repossessors
    • Student Loan Servicer Licensing
    • Telemarketing
  • Recursos en español

Attorney General Phil Weiser announces $1.25 million multistate settlement in Carnival data breach that exposed personal information of thousands of Coloradans

June 22, 2022 (DENVER)—Attorney General Phil Weiser today announced that Carnival, a cruise-based travel agency, will pay $24,752.87 to the state of Colorado in a $1.25 million multistate settlement after a 2019 data breach compromised the personal information of 3,037 Colorado residents. The company also agreed to implement additional data security safeguards to protect consumers’ information in the future.

“Protecting consumers’ personal information is not only required by law, but also is necessary to ensure people aren’t faced with identity theft and the many other problems that can arise when personal information is compromised,” Weiser said. “Businesses need be vigilant to protect the personal information of their customers and employees from the actions of hackers and others intent on stealing that information.”

In late May 2019, Carnival learned that an employee email address was used to spam other company email accounts. In an apparent business email compromise attack, the intruders compromised 124 Carnival employee email accounts. Ten months later, Carnival provided notice to more than 100,000 consumers nationwide whose personal information was found in the compromised email accounts, including the more than 3,000 Colorado residents.

In today’s settlement, Carnival agreed to implement several specific data security safeguards, including a comprehensive information security program and incident response and data breach notification plan to provide additional protections for consumers.

The settlement funds will be used for reimbursement of the state’s actual costs and attorneys’ fees, the payment of restitution, if any, and for future consumer fraud or antitrust enforcement, consumer education, or public welfare purposes.

Colorado joined a coalition of 45 states and the District of Columbia in this settlement.

Colorado law requires certain persons and entities to take reasonable steps to protect personal identifying information and dispose of personal identifying information when it is no longer necessary to keep it. For more information about Colorado’s data protection laws, click here.

Consumers who believe their personal information may have been compromised and their identity stolen, view Stop Fraud Colorado’s identity theft repair kit here.

###

Media Contact
Lawrence Pacheco
Director of Communications
(720) 508-6553 office | (720) 245-4689 cell
Lawrence.pacheco@coag.gov

Most Recent

Colorado attorney general logo against mountain peaks background and text that reads News from Attorney General Phil Weiser

Attorney General Phil Weiser announces multistate settlement of bankruptcy claims against 23andme over genetic data breach

July 14, 2026 (DENVER) – Attorney General Phil Weiser today joined a coalition of 42 attorneys general announcing a settlement with the bankruptcy trustee for 23andMe, resolving allegations stemming from a 2023 data breach that compromised the genetic data of […]

Colorado attorney general logo against mountain peaks background and text that reads News from Attorney General Phil Weiser

Safe2Tell June report highlights mental health concerns during summer break

July 14, 2026 (DENVER) – A student experiencing suicidal thoughts is now receiving counseling after someone used Safe2Tell to ask for help, and another report enabled school officials to intervene after a student allegedly assaulted a classmate and threatened their […]

Colorado attorney general logo against mountain peaks background and text that reads News from Attorney General Phil Weiser

Attorney General Phil Weiser sues to block Paramount/Warner Bros. merger

July 13, 2026 (DENVER) – Attorney General Phil Weiser today joined a coalition of 12 attorneys general in filing a lawsuit challenging the $110 billion acquisition of Warner Bros. Discovery, Inc. by Paramount Skydance Corporation. The proposed merger would combine […]

Office of the Attorney General
Colorado Department of Law
Ralph L. Carr Judicial Building
1300 Broadway, 10th Floor
Denver, CO 80203

(720) 508-6000

Contact the Office of the Attorney General

Contact

ACCESSIBILITY STATEMENT

DECLARACION DE ACCESIBILIDAD

Facebook
Twitter
LinkedIn
Instagram
YouTube
BlueSky

Attorney General Phil Weiser is working to defend Colorado communities against harmful and illegal actions from the federal government.

Learn more: Defending Colorado