1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Connecticut Attorney General William Tong submitted testimony in support of genetic privacy legislation that would grant residents exclusive control over their DNA and genetic data. The legislation is inspired by his office's investigation into 23andMe's data breach affecting over six million customers and the company's subsequent bankruptcy. The bill requires express consent for DNA use, imposes security measures, and prohibits marketing use of DNA.
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
$515K
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
Connecticut filed a statement of interest in the bankruptcy of Prospect Medical Holdings, alleging years of mismanagement that harmed patients and led to a ransomware attack compromising the data of 212,369 residents. The state seeks to ensure a responsible transition of hospitals and hold Prospect accountable for its misconduct.
Connecticut Attorney General William Tong, leading a coalition of 19 attorneys general, secured a temporary restraining order blocking DOGE and Elon Musk from accessing Treasury Department payment systems containing sensitive personal data. The court found the Trump Administration illegally granted unauthorized access, exposing Americans' bank account details and Social Security numbers. The order mandates destruction of downloaded materials and restricts access to vetted civil servants.
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in suing President Trump and the U.S. Treasury to stop DOGE's unauthorized access to the Treasury's central payment system and confidential records, calling it the largest data breach in American history. The lawsuit seeks an injunction to block the expanded access policy and a declaration that it is unlawful.
Connecticut Attorney General William Tong filed a lawsuit against President Trump and the U.S. Treasury Department to stop DOGE's unauthorized access to the Treasury's central payment system, which contains sensitive personal information like bank details and Social Security numbers. The lawsuit seeks an injunction and a declaration that the new policy granting access to Elon Musk and DOGE members is unlawful and jeopardizes data security.
Guardian Analytics, Inc. and Actimize, Inc. settled with the Connecticut Attorney General over a data breach affecting 157,629 Connecticut residents. The breach, from November 2022 to January 2023, exposed personal information due to security failures. The settlement includes a $500,000 penalty and mandatory cybersecurity improvements.
$500K
A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.
$52.0M
Connecticut Attorney General William Tong urged residents to enroll in free credit monitoring and identity theft protection following the Change Healthcare cyberattack in February 2024, which exposed sensitive health data. The breach potentially impacted up to one-third of Americans, but Change Healthcare has failed to provide individual notice to affected consumers. The AG joined other attorneys general in April 2024 to demand that UnitedHealth Group take more meaningful action to protect those harmed.
Connecticut, as part of a 40-state coalition, secured multistate settlements totaling over $16 million with Experian and T-Mobile related to data breaches in 2012 and 2015 that exposed consumers' personal information. Experian agreed to pay $12.67 million and implement enhanced data security measures, while T-Mobile agreed to pay $2.43 million and strengthen vendor management. Additionally, Experian Data Corp. paid $1 million to resolve a separate 2012 breach investigation, with all entities required to improve data protection practices.
$16.0M
Connecticut, co-leading a multistate investigation, secured a $1.25 million settlement with Carnival Cruise Line over a 2019 data breach affecting approximately 180,000 individuals nationwide. The breach exposed sensitive data including passport numbers, driver's licenses, payment card information, and health data, with a 10-month delay in notification. Carnival agreed to implement enhanced email security measures, a breach response plan, and an independent security assessment.
$1.3M
In March 2022, Connecticut Attorney General William Tong announced that Connecticut is co-leading a multistate investigation into T-Mobile's 2021 data breach, which affected over 53 million individuals. The breach compromised sensitive data including names, dates of birth, Social Security Numbers, and driver's license information. Tong urged affected consumers to take protective steps such as credit monitoring and freezes.
All data sourced from official government enforcement pages.