1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
New York Attorney General Letitia James settled with public accounting firm Wojeski & Company over two data breaches in 2023 and 2024 that exposed personal information of over 4,700 New York residents, including social security numbers and medical benefits. The firm failed to implement adequate data security measures, did not encrypt sensitive data, and delayed notifying affected consumers of the breaches for over a year. Wojeski must pay $60,000 in penalties and implement enhanced cybersecurity measures including encryption, incident response plans, and employee training.
$60K
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.
$14.2M
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in suing President Trump and the U.S. Treasury to stop DOGE's unauthorized access to the Treasury's central payment system and confidential records, calling it the largest data breach in American history. The lawsuit seeks an injunction to block the expanded access policy and a declaration that it is unlawful.
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
Morgan Stanley failed to properly decommission computer devices containing unencrypted customer data, leading to the sale of devices with personal information at auction and missing servers with potential data. A multistate coalition secured a $6.5 million settlement requiring Morgan Stanley to implement enhanced data security measures.
$6.5M
New Jersey Attorney General Matthew Platkin announced a multistate settlement where Morgan Stanley will pay $1.27 million to NJ over data security incidents that compromised personal information of over 755,000 NJ residents and millions nationwide. The incidents involved improper decommissioning of devices and a software flaw, leading to unauthorized access. The settlement requires Morgan Stanley to strengthen its data security and disposal procedures.
$1.3M
New Jersey Attorney General Matthew J. Platkin announced a multistate settlement with Experian and T-Mobile over a 2015 data breach that compromised personal information of over 15 million consumers. The companies will pay over $16 million to states and agree to improve data security and vendor management practices. New Jersey will receive approximately $500,000 from the settlement.
$16.0M
All data sourced from official government enforcement pages.