Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,285

Total Actions

Jurisdictions

$35.3B+

Total Fines Tracked

Access this data programmatically:MCP Server API Docs

NJAugust 13, 2024Consent DecreeMultistate

Enzo Biochem, Inc.(Enzo Biochem)

Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.

HighData BreachHealth DataSecurity Failure

$4.5M

NJMay 16, 2023SettlementMultistate

EyeMed Vision Care

EyeMed Vision Care suffered a data breach in June 2020 due to poor security practices, including shared passwords, exposing personal and medical information of approximately 2.1 million individuals. The multistate settlement imposes a $2.5 million penalty and requires EyeMed to implement enhanced security measures and comply with privacy laws.

HighData BreachSecurity FailureHealth Data

$2.5M

NJMarch 11, 2021SettlementMultistate

Retrieval-Masters Creditors Bureau d/b/a American Medical Collection Agency(American Medical Collection Agency)

AMCA suffered an eight-month data breach from August 2018 to March 2019, exposing personal information including Social Security numbers, payment card data, and medical test details of over 7 million individuals nationwide, including 246,000 New Jersey residents. The multistate settlement requires AMCA to implement enhanced data security measures and pay $21 million, though payment is suspended due to the company's financial situation.

CriticalSecurity FailureData BreachHealth Data

$21.0M

NJOctober 8, 2020SettlementMultistate

CHS/Community Health Systems, Inc.(Community Health Systems)

New Jersey Attorney General settled with Community Health Systems, Inc. over a 2014 data breach affecting 6.1 million patients, including over 45,000 New Jersey residents. CHS will pay $5 million to 28 states and implement enhanced data security measures to protect personal and health information.

HighSecurity FailureData BreachHealth Data

$5.0M

NJSeptember 30, 2020SettlementMultistate

Anthem, Inc.(Anthem)

New Jersey Attorney General announced a multi-state settlement with Anthem, Inc. over a 2015 data breach that exposed personal information of over 78 million Americans, including 1.15 million New Jersey residents. Anthem will pay $39.5 million to participating states and implement enhanced cybersecurity measures.

CriticalData BreachSecurity Failure

$39.5M

NJDecember 10, 2018Settlement

EmblemHealth, Inc.(EmblemHealth)

EmblemHealth, Inc. settled with the New Jersey Attorney General over a 2016 data breach where Medicare Health Insurance Claim Numbers (containing Social Security numbers) were improperly disclosed on mailing labels to over 81,000 customers, including 6,443 in New Jersey. The company agreed to pay a $100,000 civil penalty and implement compliance reforms including ceasing use of HICNs with SSNs, enhancing employee training, and notifying the state of future breaches.

MediumData BreachHealth DataSecurity Failure

$100K