1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
California Attorney General Rob Bonta, joined by Connecticut and New York Attorneys General, secured a $5.1 million multistate settlement with edtech company Illuminate Education, Inc. over a 2021 data breach that exposed sensitive personal and medical information of millions of students, including over 434,000 California students. The investigation found Illuminate failed to implement basic security measures, including failing to terminate former employee credentials, lacking suspicious activity monitoring, and unsecured backup databases, as well as making false statements in its privacy policy. Illuminate must pay $3.25 million to California, implement enhanced security practices, and notify the CA DOJ of future student data breaches.
$5.1M
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected patient health information. Investigations of 16 Kaiser facilities found hundreds of hazardous and medical waste items and over 10,000 paper records containing data of more than 7,700 patients in unsecured dumpsters. The settlement requires Kaiser to pay up to $49 million in penalties and compliance costs, retain an independent auditor for five years of regular audits, and implement enhanced waste and data disposal procedures.
$49.0M
California Attorney General Rob Bonta, alongside six county district attorneys, announced a $49 million settlement with Kaiser Foundation Health Plan, Inc. and Kaiser Foundation Hospitals resolving allegations of unlawful disposal of hazardous waste, medical waste, and protected health information at Kaiser’s California facilities. Undercover inspections of 16 Kaiser facilities found hundreds of hazardous and medical waste items, plus over 10,000 paper records containing personal information of more than 7,700 patients in unsecured, publicly accessible dumpsters. The settlement requires Kaiser to pay $49 million total, implement enhanced compliance measures, and retain an independent auditor for five years to conduct regular waste and programmatic compliance audits.
$49.0M
California Attorney General Xavier Becerra announced an $8.69 million settlement with health insurer Anthem, Inc. resolving allegations that the company violated state and federal privacy laws by failing to protect patient personal data in a 2014 data breach. The breach, announced in 2015, exposed personal information of 78 million consumers nationwide, including 13.5 million Californians, due to Anthem’s inadequate information security practices. The settlement includes injunctive terms requiring Anthem to overhaul its information security program to address vulnerabilities that enabled the breach.
$8.7M
California Attorney General Xavier Becerra, leading a multistate coalition of all 50 states, the District of Columbia, and Puerto Rico, announced a settlement with Equifax over a 2017 data breach that exposed personal information of 147 million consumers, including 15 million Californians. The breach resulted from Equifax’s failure to apply a critical software patch and implement adequate security measures, with disclosure delayed for months after discovery. Equifax will pay $175 million in state penalties, up to $425 million in consumer restitution, and implement enhanced data security measures and ten years of free credit monitoring for affected consumers.
$175.0M
Premera Blue Cross suffered a data breach in 2014 that exposed personal and medical information of 10.5 million consumers. As part of a multistate settlement, Premera agreed to pay $10 million in civil penalties and implement security improvements and a compliance program. California will receive over $1 million from the settlement.
$10.0M
Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.
$148.0M
Target settled a multi-state enforcement action for a 2013 data breach that exposed payment card information of over 40 million customers due to inadequate security. The $18.5 million settlement requires Target to implement advanced security measures, and California receives over $1.4 million.
$18.5M
Anthem Blue Cross printed Social Security numbers on mailed letters, exposing the personal information of over 33,000 Medicare subscribers. The settlement requires the company to improve data security measures, provide employee training, and pay $150,000. This action aims to prevent future privacy violations.
$150K
All data sourced from official government enforcement pages.