United States of America: Settlement regarding Carnival Cruise data breach

On 22 June 2022, the multistate investigation into the Carnival Cruise data breach concluded in a USD 1.25 million settlement. The investigation by 45 states and the District of Columbia found that Carnival Cruise did not adequately notify consumers and regulators of the data breach and that vulnerabilities in Carnival's data security programme contributed to the initial breach. The data breach concerned approximately 180'000 customers and employees in the United States, whose information including names, addresses, passport numbers, payment card information, health information and national insurance numbers were compromised.