Settlement | Critical Risk | Multistate

Experian, T-Mobile to Pay $16M Over 2012, 2015 Data Breaches

Experian; T-Mobile | November 7, 2022 | Connecticut Attorney General

Penalty Amount

$16,000,000

Summary

Connecticut, as part of a 40-state coalition, secured multistate settlements totaling over $16 million with Experian and T-Mobile related to data breaches in 2012 and 2015 that exposed consumers' personal information. Experian agreed to pay $12.67 million and implement enhanced data security measures, while T-Mobile agreed to pay $2.43 million and strengthen vendor management. Additionally, Experian Data Corp. paid $1 million to resolve a separate 2012 breach investigation, with all entities required to improve data protection practices.

Remedy

Experian agreed to pay $12.67 million and implement a comprehensive information security program with zero-trust principles, due diligence, data minimization, and specific security requirements. T-Mobile agreed to pay $2.43 million and implement a vendor risk management program with contractual security requirements for vendors. Experian Data Corp. agreed to pay $1 million to improve vetting of third parties and maintain a Red Flags program. Experian also must offer 5 years of free credit monitoring to affected consumers.

Monetary Penalty | Consent Decree | Compliance Program

Contract Impact

In-house legal teams should review vendor agreements (particularly those involving data brokers or credit reporting agencies like Experian), customer agreements (such as telecom service contracts with T-Mobile), and any data processing addendums. Focus on clauses governing data security obligations, breach notification timelines and procedures, audit and inspection rights, indemnification for data breaches, data encryption and access control standards, incident response plans, data retention and disposal policies, and vendor oversight requirements. Changes may include strengthening security specifications (e.g., mandatory encryption, regular penetration testing), clarifying breach notification within 72 hours, requiring third-party security audits, enhancing vendor due diligence and monitoring provisions, and updating indemnification terms to cover regulatory fines and consumer redress.

Contract Search Terms

data security standards | breach notification clause | vendor management provisions | data protection practices | encryption requirements | security audit rights | incident response plan | data retention policy | access controls | penetration testing

Violation Types

Entity Details

Entity

Experian; T-Mobile

Industry

Data Broker

Multistate Coalition

Official Sources

Related Enforcement Actions

CT

U.S. Food and Drug Administration (FDA)

On May 11, 2026, Connecticut Attorney General William Tong led a bipartisan coalition of 21 attorneys general in submitting a comment letter to the U.S. Food and Drug Administration (FDA) urging the agency to abandon draft guidance that would ease approvals for flavored e-cigarette products. The coalition argues the guidance ignores evidence that flavored e-cigarettes disproportionately drive youth addiction and that FDA has failed to enforce existing authorization requirements for e-cigarette products. The letter references past tobacco and e-cigarette enforcement actions, including the 1998 tobacco master settlement agreement and the 2022 $438.5 million settlement with JUUL Labs.

CT

Bad actor platforms

Connecticut’s legislature passed House Bill 5312, creating new civil enforcement mechanisms for deepfake digital sexual assault, including unauthorized dissemination of synthetically created intimate images and AI-generated child pornography. The bill establishes a private right of action for victims and empowers the Connecticut Attorney General to pursue civil injunctions and penalties against abusers and platforms hosting illegal content. This builds on prior Connecticut laws criminalizing unauthorized intimate image dissemination.

CT

None

Connecticut Attorney General William Tong praised final passage of House Bill 5312, which creates new civil enforcement mechanisms for deepfake digital sexual assault. The legislation allows the AG to pursue civil injunctions and penalties against platforms that disseminate illegal synthetic intimate images, including AI-generated child pornography, and establishes a private right of action for victims. The bill builds on prior Connecticut laws criminalizing unauthorized dissemination of intimate images.

CT

Made-in-China

$300K

Connecticut Attorney General William Tong announced a settlement with international trade platform Made-in-China to cease all U.S. sales of unlawful 'research grade' GLP-1 weight loss drugs following an investigation into direct sales to consumers without prescriptions or medical oversight. The settlement prohibits the platform from hosting GLP-1 sales to U.S. customers, requires a monitoring system to remove non-compliant listings, and imposes a $300,000 penalty suspended after an initial $30,000 payment. Additional settlements were announced with Radiance Medspa and Advanced Medical Weight Loss over compounded non-FDA approved GLP-1 drugs.

CT

social media companies

Connecticut Attorney General William Tong issued a statement on May 1, 2026, announcing the final passage of bipartisan legislation targeting youth social media addiction and artificial intelligence harms. The legislation imposes new obligations on social media companies regarding minor account settings, parental consent, and reporting, as well as requirements for AI chatbot operators and employers using automated decision tools. The statement also references ongoing enforcement actions against Meta and TikTok for allegedly designing addictive platform features for youth.

CT

Office of the Attorney General William Tong

Connecticut Attorney General William Tong issued a statement on May 1, 2026, following final passage of bipartisan legislation to combat youth social media addiction and regulate artificial intelligence harms. The legislation imposes new requirements on social media companies regarding minor users, including parental consent for addictive algorithms, default privacy settings, and annual reporting obligations. It also establishes rules for AI chat bots and automated employment decision tools, including disclosure requirements and self-harm detection protocols.