1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
California Attorney General Rob Bonta filed a lawsuit against the City of El Cajon for unlawfully sharing Automated License Plate Reader (ALPR) data with over 100 out-of-state law enforcement agencies, violating state law that restricts such data to California public agencies. The AG is seeking a court order to halt the sharing and compel compliance with state privacy protections.
New York Attorney General Letitia James joined a multistate coalition of 21 attorneys general and Kentucky in filing a lawsuit against the U.S. Department of Agriculture (USDA) challenging its illegal demand for personally identifiable information of over 40 million SNAP recipients. The coalition alleges the USDA’s requirement that states turn over SNAP recipients’ Social Security numbers, addresses, and immigration statuses violates federal and state laws prohibiting disclosure of SNAP data for non-program purposes, and that the data will be shared across federal agencies for unauthorized immigration enforcement. The coalition seeks a declaratory judgment declaring the policy illegal and a nationwide injunction preventing enforcement of the data demand.
California Attorney General Rob Bonta announced a $1.55 million settlement with Healthline Media LLC for CCPA violations. Healthline failed to honor opt-out requests, shared consumer data including health-related article titles with third parties, and used deceptive privacy practices. The settlement includes injunctive relief and a compliance program.
$1.6M
Tilting Point Media LLC illegally collected and shared children's personal data in its mobile app game 'SpongeBob: Krusty Cook-Off' without parental consent, violating COPPA and CCPA. The settlement imposes a $500,000 civil penalty and injunctive terms to ensure compliance with children's data privacy laws.
$500K
Blackbaud, a software company, suffered a data breach in 2020 due to inadequate security measures and made misleading statements about the breach and its security practices. California Attorney General Rob Bonta secured a $6.75 million settlement requiring Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
DoorDash sold California consumers' personal information to a marketing cooperative without providing required notice or an opt-out option, violating the CCPA and CalOPPA. The settlement requires DoorDash to pay a $375,000 civil penalty and comply with injunctive terms, including reviewing vendor contracts and providing annual reports to the Attorney General. This enforcement action clarifies that participation in marketing cooperatives constitutes a sale under the CCPA.
$375K
California Attorney General Rob Bonta announced a $93 million settlement with Google for deceiving users about location tracking. Google continued to collect location data even after users opted out, violating California consumer protection laws. The settlement includes injunctive terms to enhance transparency and user controls over location settings.
$93.0M
California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected patient health information. Investigations of 16 Kaiser facilities found hundreds of hazardous and medical waste items and over 10,000 paper records containing data of more than 7,700 patients in unsecured dumpsters. The settlement requires Kaiser to pay up to $49 million in penalties and compliance costs, retain an independent auditor for five years of regular audits, and implement enhanced waste and data disposal procedures.
$49.0M
California Attorney General Rob Bonta announced a $49 million settlement with Kaiser for illegally disposing of hazardous waste, medical waste, and protected patient information at facilities statewide. The settlement resolves allegations of violations under health privacy and environmental laws, requiring Kaiser to pay penalties, implement compliance measures, and undergo independent audits.
$49.0M
California Attorney General Rob Bonta announced a settlement with Sephora, Inc. for $1.2 million over violations of the California Consumer Privacy Act. Sephora failed to disclose that it sold consumer personal information and did not process opt-out requests via Global Privacy Control. The settlement requires Sephora to pay penalties and implement compliance measures including policy changes and reporting.
$1.2M
Anthem, Inc. settled with California for $8.69 million over a 2014 data breach that exposed personal information of 78 million consumers, including 13.5 million Californians. The breach resulted from security deficiencies, and the settlement includes injunctive relief to improve information security practices. This action was part of a parallel multistate settlement.
$8.7M
California Attorney General settled with Glow, Inc. for $250,000 due to privacy and security failures in its fertility app that risked exposing users' sensitive health information. The settlement requires Glow to implement privacy and security measures, obtain affirmative consent for data sharing, and consider unique impacts on women.
$250K
California Attorney General led a multistate settlement with Equifax for a 2017 data breach that exposed personal information of 147 million consumers due to security failures and delayed disclosure. Equifax must pay $175 million in state penalties, $425 million for consumer restitution, and implement data security enhancements including a comprehensive Information Security Program and credit monitoring for up to ten years.
$175.0M
Premera Blue Cross suffered a data breach in 2014 that exposed personal and medical information of 10.5 million consumers. As part of a multistate settlement, Premera agreed to pay $10 million in civil penalties and implement security improvements and a compliance program. California will receive over $1 million from the settlement.
$10.0M
Aetna Inc. settled with the California Attorney General for $935,000 over allegations that it revealed the HIV status of 1,991 Californians through a mailing error where medication information was visible through envelope windows. The settlement requires Aetna to implement improved mailing procedures and conduct annual privacy assessments. This action enforces health privacy laws and protects sensitive medical information.
$935K
Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.
$148.0M
Cottage Health System experienced two data breaches exposing medical information of over 50,000 patients due to inadequate security measures. The settlement requires a $2 million penalty and upgrades to security practices, including designating a Chief Privacy Officer.
$2.0M
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
Target settled a multi-state enforcement action for a 2013 data breach that exposed payment card information of over 40 million customers due to inadequate security. The $18.5 million settlement requires Target to implement advanced security measures, and California receives over $1.4 million.
$18.5M
Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.
$7.6M
The California Attorney General settled with Houzz Inc. for secretly recording incoming and outgoing telephone calls from March to September 2013 without notifying or obtaining consent from all parties, violating state wiretapping and eavesdropping laws. The settlement requires Houzz to pay $175,000, appoint a Chief Privacy Officer, conduct a privacy risk assessment, secure and destroy the recordings, and implement compliance measures.
$175K
Comcast disclosed personal information of approximately 75,000 customers who had paid for unlisted VOIP phone service. The settlement includes a $25 million penalty and $8 million in restitution, along with a permanent injunction requiring improved privacy practices and customer disclosures.
$25.0M
The California Attorney General reached a $28.4 million settlement with Aaron's, Inc. for installing spyware on rented computers without customer consent and for violating the Karnette Rental-Purchase Act. The spyware, called 'Detective Mode', allowed remote monitoring of keystrokes, screenshots, location, and webcam activation. Aaron's must refund $25 million to approximately 100,000 customers and pay $3.4 million in penalties, and is prohibited from using spyware.
$3.4M
The California Attorney General filed a complaint against Kaiser Foundation Health Plan, Inc. for improperly disposing of patient medical records containing protected health information. The records, including diagnoses and lab results, were found discarded at a recycling facility, violating patient privacy. The action alleges breaches of the California Confidentiality of Medical Information Act.
In 2013, the California Attorney General filed a complaint against Citibank, N.A. alleging that the bank failed to implement adequate security measures and did not properly notify customers about a data breach exposing personal and financial information. The complaint asserts violations of California's data breach notification law.
Anthem Blue Cross printed Social Security numbers on mailed letters, exposing the personal information of over 33,000 Medicare subscribers. The settlement requires the company to improve data security measures, provide employee training, and pay $150,000. This action aims to prevent future privacy violations.
$150K
All data sourced from official government enforcement pages.