Penalty Amount
$16,000,000
Connecticut, as part of a 40-state coalition, secured multistate settlements totaling over $16 million with Experian and T-Mobile related to data breaches in 2012 and 2015 that exposed consumers' personal information. Experian agreed to pay $12.67 million and implement enhanced data security measures, while T-Mobile agreed to pay $2.43 million and strengthen vendor management. Additionally, Experian Data Corp. paid $1 million to resolve a separate 2012 breach investigation, with all entities required to improve data protection practices.
Experian agreed to pay $12.67 million and implement a comprehensive information security program with zero-trust principles, due diligence, data minimization, and specific security requirements. T-Mobile agreed to pay $2.43 million and implement a vendor risk management program with contractual security requirements for vendors. Experian Data Corp. agreed to pay $1 million to improve vetting of third parties and maintain a Red Flags program. Experian also must offer 5 years of free credit monitoring to affected consumers.
Entity
Experian; T-Mobile
Industry
Data Broker$100K
The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.
Connecticut Attorney General William Tong joined a coalition of 17 attorneys general in filing a lawsuit against the U.S. Department of Education to stop new data reporting requirements under IPEDS that demand detailed student information. The coalition argues the requirements are unlawful, arbitrary, and jeopardize student privacy by requesting in-depth data that could lead to inadvertent errors and baseless investigations. The lawsuit seeks an injunction to block the implementation of these requirements.
Connecticut Attorney General William Tong, joined by 17 other attorneys general, filed a lawsuit against the U.S. Department of Education to block new IPEDS data reporting requirements that demand student information disaggregated by race and sex. The coalition argues the rushed implementation is unlawful, invades student privacy, and risks unreliable data and baseless investigations. They seek an injunction to halt the data collection and protect student privacy.
PURA preliminarily approved the sale of Aquarion Water Company to a new nonprofit Aquarion Water Authority, expected to double water rates. Attorney General Tong opposes the decision, citing loss of public oversight and high costs to consumers. The conversion removes PURA regulation, placing rate approvals under a board with no history of rejecting hikes.
$5.1M
Connecticut Attorney General William Tong secured a $5.1 million financial relief package for tenants of the Concierge Apartments in Rocky Hill following an investigation into unsafe living conditions and landlord mismanagement. The agreement provides cash payments, free rent, and utility waivers to displaced and affected tenants, with a second agreement pending to address long-term accountability and communications.
Connecticut Attorney General William Tong submitted testimony in support of genetic privacy legislation that would grant residents exclusive control over their DNA and genetic data. The legislation is inspired by his office's investigation into 23andMe's data breach affecting over six million customers and the company's subsequent bankruptcy. The bill requires express consent for DNA use, imposes security measures, and prohibits marketing use of DNA.