1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Connecticut Attorney General William Tong led 34 states and territories in a $438.5 million settlement with JUUL Labs over its youth-targeted marketing and misleading practices. The settlement includes strict injunctive terms prohibiting youth marketing, certain flavors, and requiring age verification. Funds will support tobacco cessation programs.
$438.5M
Connecticut Attorney General William Tong and DCP Commissioner Michelle Seagull warned consumers about misleading marketing and high-pressure sales tactics by solar companies, citing active investigations and advising thorough research before signing solar contracts.
Connecticut Attorney General William Tong secured $1.2 million in restitution for 40,841 state consumers as part of a multistate $141 million settlement with Intuit Inc., the owner of TurboTax. The settlement resolves allegations that Intuit deceived low-income consumers into paying for tax preparation services that were offered for free through the IRS Free File program by using deceptive marketing tactics and confusing product names. Intuit must pay restitution, suspend its 'free, free, free' ad campaign, and implement business practice reforms.
$141.0M
The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.
$500K
Connecticut Attorney General filed a $5 million stipulation judgment against Safe Home Security for repeated non-compliance with court-ordered consumer protection measures, including blocking contract terminations and misrepresenting terms. The judgment requires immediate payment of $1 million and suspends $4 million pending compliance, with an independent monitor for five years.
$5.0M
The FTC settled with CafePress for failing to implement reasonable data security measures, leading to multiple breaches that exposed Social Security numbers and other sensitive data. As part of the settlement, over $370,000 in refunds are being distributed to 20,044 consumers who filed valid claims.
$370K
Connecticut Attorney General William Tong issued a public warning following the FinalSite ransomware attack that disrupted school websites and communication systems nationwide. He urged all businesses and government entities to strengthen their data security practices and provided a detailed list of preventive measures. The AG also announced a new online form to help businesses comply with breach notification obligations for Connecticut residents.
The FTC finalized an order banning Support King, LLC and its CEO from the surveillance business for selling stalkerware apps that secretly collected and shared users' personal data without consent. The order requires them to delete all illegally collected data and notify affected device owners.
The FTC banned Support King, LLC (SpyFone) and its CEO from the surveillance business for secretly harvesting and sharing users' data without consent, and ordered the deletion of all illegally collected data and notification to affected device owners. The company failed to secure the data, leading to a hack that exposed 2,200 consumers.
Attorney General William Tong of Connecticut joined a multistate coalition of 37 attorneys general in filing a lawsuit against Google alleging antitrust violations related to the Google Play Store and Google Billing. The lawsuit claims Google used its dominance to restrict competition, force developers to use Google Billing, and charge high commissions up to 30%. The action seeks to restore competition in the app market and halt Google's anticompetitive practices.
The FTC settled with Kuuhuub Inc., operator of the Recolor coloring book app, for violating COPPA by collecting personal information from children under 13 without parental consent. The app's social media features allowed children to register and share data, and third-party ad networks collected persistent identifiers for targeted ads. The settlement requires deletion of children's data, refunds to underage subscribers, a $3 million penalty (suspended upon $100,000 payment), and user notifications about the violations.
$3.0M
The FTC settled with Vivint Smart Homes, Inc. for $20 million over allegations that the company misused consumer credit reports to secure financing for unqualified customers, harming consumers' credit. The FTC is now distributing approximately $500,000 in refunds to affected consumers.
$20.0M
The FTC settled with Vivint Smart Home, Inc. for misusing consumer credit reports to qualify customers for financing without permission, harming innocent third parties' credit. Vivint agreed to pay $20 million, with over $4.7 million for consumer compensation, and established a Customer Service Task Force.
$20.0M
The FTC finalized a settlement with Zoom Video Communications, Inc. for misleading consumers about its data security practices and compromising user security. The settlement requires Zoom to implement a comprehensive security program, review software updates for security flaws, and undergo biennial third-party assessments.
Everalbum, Inc. settled FTC allegations that it deceived consumers about its use of facial recognition technology in its photo storage app and failed to delete photos when users deactivated their accounts. The settlement requires Everalbum to obtain express consent before using facial recognition, delete user photos and derived face embeddings, and delete developed models and algorithms. It also prohibits misrepresentations about data practices and requires consent for biometric data use if marketing software to consumers.
New Jersey participated in a multi-state settlement resolving an investigation into a 2017 data breach at Sabre Hospitality Solutions. Intruders accessed the company's hotel booking system from August 2016 to March 2017, compromising data from over 1.3 million consumer credit cards, including CVV numbers and expiration dates. Sabre failed to promptly notify affected consumers. The $2.4 million settlement requires Sabre to implement enhanced data security measures, develop a breach notification plan, clarify contractual responsibilities with client hotels, and undergo third-party security assessments.
$2.4M
The FTC settled with Zoom for deceiving users about its encryption security and unfairly installing software that bypassed browser safeguards. Zoom must implement a comprehensive security program, undergo biennial audits, and is banned from making false security claims. No monetary penalty was imposed.
The FTC settled with NTT Global Data Centers Americas, Inc. for deceiving consumers about its participation in the EU-U.S. Privacy Shield framework. The company's certification lapsed in 2018, but it continued to claim compliance in its privacy policy and marketing materials. Under the settlement, NTT is prohibited from misrepresenting its participation in any privacy program and must apply Privacy Shield protections to previously collected personal data or delete it.
California Attorney General Xavier Becerra announced a settlement with Glow, Inc., operator of a fertility-tracking mobile app, over privacy and security failures that risked exposing millions of users’ sensitive personal and medical information. The settlement includes a $250,000 civil penalty and injunctive terms requiring Glow to implement privacy and security design principles, obtain affirmative user consent for data sharing, and allow users to revoke consent. Glow was alleged to have failed to safeguard health information, allowed unauthorized access to user data, and maintained flawed password reset functions that could enable third-party access without consent.
$250K
HyperBeard, Inc., a developer of children's apps, agreed to pay $150,000 and delete personal information it illegally collected from children under 13 to settle FTC allegations that it violated COPPA by allowing third-party ad networks to collect persistent identifiers without parental consent. The settlement requires HyperBeard to obtain verifiable parental consent for future data collection and prohibits using the illegally collected data.
$150K
NTT Global Data Centers settled FTC allegations that it misled consumers about its participation in the EU-U.S. Privacy Shield framework and failed to comply with its requirements. The settlement requires the company to hire a third-party assessor if it re-certifies, prohibits misrepresentations about privacy programs, and mandates continued application of Privacy Shield protections or deletion of data collected while participating.
Uber Technologies, Inc. agreed to pay $148 million to settle a multi-state investigation into a data breach that compromised personal information of riders and drivers. The breach occurred in November 2016 but was not disclosed until November 2017. Uber must adopt new policies to safeguard consumer data.
$148.0M
Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.
$148.0M
Lightyear Dealer Technologies (DealerBuilt) settled an investigation into a 2016 data breach where a misconfigured file system exposed personal data, including social security numbers and bank information, of thousands of auto dealership customers nationwide. The settlement includes an $80,784 payment (with $20,000 suspended) and mandatory cybersecurity reforms.
$49K
Meitu, Inc. allegedly violated COPPA and the New Jersey Consumer Fraud Act by collecting personal information from children under 13 without parental consent. The settlement requires Meitu to pay a $100,000 civil penalty, update its privacy policies, and modify its apps to block data collection from children.
$100K
The New Jersey Attorney General announced an investigation into how the personal information of millions of Facebook users was harvested and obtained by Cambridge Analytica, a UK-based data analytics company. The AG expressed concern that Facebook may have allowed the harvesting and monetization of user data despite promises to keep it secure.
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
VIZIO and Inscape settled allegations that they collected viewing data from Smart TVs without adequate disclosure and consent, selling it to third parties. They agreed to pay $1 million to New Jersey, destroy collected data, and implement privacy measures including obtaining consumer consent and establishing a privacy program.
$1.0M
The California Attorney General settled with Houzz Inc. for secretly recording incoming and outgoing telephone calls from March to September 2013 without notifying or obtaining consent from all parties, violating state wiretapping and eavesdropping laws. The settlement requires Houzz to pay $175,000, appoint a Chief Privacy Officer, conduct a privacy risk assessment, secure and destroy the recordings, and implement compliance measures.
$175K
All data sourced from official government enforcement pages.