1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC as part of an investigation into a data breach that exposed the protected health information of approximately four million Texans. The breach, which occurred between October 21, 2024 and January 13, 2025, is believed to be the largest in U.S. history. The investigation focuses on Conduent's security measures and BCBS's compliance with state data protection laws.
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
The FTC finalized an order with GoDaddy for failing to implement adequate data security measures and misleading consumers about its security and Privacy Shield compliance. The order prohibits misrepresentations, requires a comprehensive security program, and mandates independent assessments.
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
The FTC settled with Ring for failing to secure consumer videos, allowing unauthorized access by employees and hackers. Ring agreed to provide $5.6 million in refunds to affected customers and implement security measures.
$5.6M
The FTC settled with CafePress for failing to implement reasonable data security measures, leading to multiple breaches that exposed Social Security numbers and other sensitive data. As part of the settlement, over $370,000 in refunds are being distributed to 20,044 consumers who filed valid claims.
$370K
Lightyear Dealer Technologies (DealerBuilt) settled an investigation into a 2016 data breach where a misconfigured file system exposed personal data, including social security numbers and bank information, of thousands of auto dealership customers nationwide. The settlement includes an $80,784 payment (with $20,000 suspended) and mandatory cybersecurity reforms.
$49K
All data sourced from official government enforcement pages.