Penalty Amount
$1,250,000
Consumers Affected
180,000
Connecticut, co-leading a multistate investigation, secured a $1.25 million settlement with Carnival Cruise Line over a 2019 data breach affecting approximately 180,000 individuals nationwide. The breach exposed sensitive data including passport numbers, driver's licenses, payment card information, and health data, with a 10-month delay in notification. Carnival agreed to implement enhanced email security measures, a breach response plan, and an independent security assessment.
Carnival must implement and maintain a breach response and notification plan, provide email security training with dedicated phishing exercises, enable multi-factor authentication for remote email access, enforce strong password policies, maintain enhanced behavior analytics tools for network monitoring, and undergo an independent information security assessment.
Entity
Carnival Cruise Line
Industry
Other$1.3M
New Jersey, as part of a multistate coalition, settled with Carnival Cruise Line over a 2019 data breach that compromised personal information of approximately 180,000 employees and customers nationwide. The breach resulted from deficiencies in Carnival's data security program and delayed breach notification. Carnival will pay $1.25 million and implement enhanced email security and breach response measures.
$100K
The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.
Connecticut Attorney General William Tong joined a coalition of 17 attorneys general in filing a lawsuit against the U.S. Department of Education to stop new data reporting requirements under IPEDS that demand detailed student information. The coalition argues the requirements are unlawful, arbitrary, and jeopardize student privacy by requesting in-depth data that could lead to inadvertent errors and baseless investigations. The lawsuit seeks an injunction to block the implementation of these requirements.
Connecticut Attorney General William Tong, joined by 17 other attorneys general, filed a lawsuit against the U.S. Department of Education to block new IPEDS data reporting requirements that demand student information disaggregated by race and sex. The coalition argues the rushed implementation is unlawful, invades student privacy, and risks unreliable data and baseless investigations. They seek an injunction to halt the data collection and protect student privacy.
PURA preliminarily approved the sale of Aquarion Water Company to a new nonprofit Aquarion Water Authority, expected to double water rates. Attorney General Tong opposes the decision, citing loss of public oversight and high costs to consumers. The conversion removes PURA regulation, placing rate approvals under a board with no history of rejecting hikes.
$5.1M
Connecticut Attorney General William Tong secured a $5.1 million financial relief package for tenants of the Concierge Apartments in Rocky Hill following an investigation into unsafe living conditions and landlord mismanagement. The agreement provides cash payments, free rent, and utility waivers to displaced and affected tenants, with a second agreement pending to address long-term accountability and communications.