1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
California Attorney General Rob Bonta, joined by Connecticut and New York Attorneys General, secured a $5.1 million multistate settlement with edtech company Illuminate Education, Inc. over a 2021 data breach that exposed sensitive personal and medical information of millions of students, including over 434,000 California students. The investigation found Illuminate failed to implement basic security measures, including failing to terminate former employee credentials, lacking suspicious activity monitoring, and unsecured backup databases, as well as making false statements in its privacy policy. Illuminate must pay $3.25 million to California, implement enhanced security practices, and notify the CA DOJ of future student data breaches.
$5.1M
California Attorney General Rob Bonta announced a $1.55 million settlement with health information website publisher Healthline Media LLC, resolving allegations that the company violated the CCPA and Unfair Competition Law. Violations included failing to honor consumer opt-out requests, sharing sensitive health data with third parties without required privacy protections, and using deceptive consent banners that did not disable tracking cookies. The settlement imposes injunctive terms, compliance requirements, and a civil penalty, marking the largest CCPA settlement to date.
$1.6M
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
California Attorney General Rob Bonta announced a settlement with Sephora, Inc. resolving allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to disclose it was selling consumers' personal information and failing to process opt-out requests via user-enabled Global Privacy Controls. Sephora agreed to pay $1.2 million in penalties and implement injunctive measures including updating privacy disclosures, enabling opt-out via GPC, conforming service provider agreements to CCPA, and reporting to the AG. The settlement is part of ongoing CCPA enforcement efforts, with the AG also issuing cure notices to other businesses failing to honor GPC opt-out signals.
$1.2M
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.
$7.6M
All data sourced from official government enforcement pages.