Attorney General: $44,000 recovered for New Yorkers after Carnival Cruise data breach

ALBANY, N.Y. (WHEC) — State Attorney General Letitia James said her office has recovered $44,000 for the New Yorkers after a settlement on Thursday over a 2019 Carnival Cruise data breach.

A data breach at Carnival Cruises exposed the social security numbers, passport information, dates of birth, health information, and addresses of 180,000 Carnival customers and employees. 6,575 of the people affected were New Yorkers, James said.

James said Carnival Cruise lacked basic security measures to protect its systems from hackers. Carnival Cruises will send $1.25 million to its customers and employees nationally after attorney generals from 45 states demanded money in damages.

“In today’s digital age, companies must shore up their data privacy measures to protect consumers from fraud," James said. "New Yorkers on vacation should not have to worry about their personal information being exposed. Today’s agreement will require Carnival to turn the tide on its reckless data security practices.”

Under the settlement, Carnival has agreed to strengthen its email security features, including multi-factor authentication. The company first reported the breach in March of 2020, months after the data had been stolen.