Federal and state enforcement actions involving employee data violations, tracked from official government sources.
3
Total Actions
$600K
Total Fines
2
Jurisdictions
National Amusements, Inc. suffered a data breach exposing personal information of over 23,000 New York employees due to inadequate security, including unenforced multifactor authentication. The company delayed breach notification for over a year, violating the New York Shield Act. As a result, National Amusements agreed to pay $250,000 in penalties and implement enhanced cybersecurity measures.
$250K
New York Attorney General Letitia James secured a $350,000 settlement from Personal Touch Holding Corporation for failing to protect patient and employee data. A ransomware attack in January 2021 compromised the personal and medical information of approximately 316,845 New Yorkers due to inadequate security measures. As part of the agreement, Personal Touch must pay penalties, enhance its cybersecurity program, and provide free credit monitoring to affected individuals.
$350K
The FTC finalized an order against Chegg Inc. for failing to secure student data, leading to breaches that exposed personal information of about 40 million users and employees. Chegg must implement a comprehensive security program, limit data collection, offer multifactor authentication, and allow data access and deletion.