1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
$515K
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
Connecticut filed a statement of interest in the bankruptcy of Prospect Medical Holdings, alleging years of mismanagement that harmed patients and led to a ransomware attack compromising the data of 212,369 residents. The state seeks to ensure a responsible transition of hospitals and hold Prospect accountable for its misconduct.
Connecticut Attorney General William Tong filed a lawsuit against President Trump and the U.S. Treasury Department to stop DOGE's unauthorized access to the Treasury's central payment system, which contains sensitive personal information like bank details and Social Security numbers. The lawsuit seeks an injunction and a declaration that the new policy granting access to Elon Musk and DOGE members is unlawful and jeopardizes data security.
Connecticut Attorney General William Tong joined a coalition of 12 attorneys general to announce they will file a lawsuit against the U.S. Department of the Treasury and DOGE for unlawfully granting Elon Musk and DOGE staff access to sensitive personal information and payment systems. The AGs argue this unauthorized access threatens privacy rights and essential payments for millions of Americans. The lawsuit seeks to revoke access and prevent further interference.
Guardian Analytics, Inc. and Actimize, Inc. settled with the Connecticut Attorney General over a data breach affecting 157,629 Connecticut residents. The breach, from November 2022 to January 2023, exposed personal information due to security failures. The settlement includes a $500,000 penalty and mandatory cybersecurity improvements.
$500K
A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.
$52.0M
Connecticut Attorney General William Tong, along with New York and New Jersey attorneys general, secured a $4.5 million settlement from Enzo Biochem, Inc. for failing to protect patient health data, resulting in a ransomware attack that compromised 2.4 million patients' information. Enzo must pay the fine and implement enhanced cybersecurity measures including multi-factor authentication and annual risk assessments.
$4.5M
Connecticut Attorney General William Tong joined a bipartisan coalition of 41 attorneys general in sending a letter to Meta Platforms, Inc. to address the rising number of Facebook and Instagram account takeovers by scammers. The coalition criticizes Meta's inadequate security measures and calls for improved protections including multi-factor authentication, increased staffing for response, and stronger enforcement against scammers. The letter urges Meta to take immediate action to safeguard user accounts from hijacking and fraud.
Connecticut Attorney General William Tong launched a consumer protection investigation into Hyundai and Kia for failing to equip vehicles with standard anti-theft immobilizers between 2011 and 2022, leading to high theft rates and public safety concerns. The investigation seeks records on the companies' decision-making and potential fixes, following a coalition of attorneys general calling for a federal recall.
Connecticut, as part of a 40-state coalition, secured multistate settlements totaling over $16 million with Experian and T-Mobile related to data breaches in 2012 and 2015 that exposed consumers' personal information. Experian agreed to pay $12.67 million and implement enhanced data security measures, while T-Mobile agreed to pay $2.43 million and strengthen vendor management. Additionally, Experian Data Corp. paid $1 million to resolve a separate 2012 breach investigation, with all entities required to improve data protection practices.
$16.0M
Connecticut, co-leading a multistate investigation, secured a $1.25 million settlement with Carnival Cruise Line over a 2019 data breach affecting approximately 180,000 individuals nationwide. The breach exposed sensitive data including passport numbers, driver's licenses, payment card information, and health data, with a 10-month delay in notification. Carnival agreed to implement enhanced email security measures, a breach response plan, and an independent security assessment.
$1.3M
In March 2022, Connecticut Attorney General William Tong announced that Connecticut is co-leading a multistate investigation into T-Mobile's 2021 data breach, which affected over 53 million individuals. The breach compromised sensitive data including names, dates of birth, Social Security Numbers, and driver's license information. Tong urged affected consumers to take protective steps such as credit monitoring and freezes.
Connecticut Attorney General William Tong joined a bipartisan coalition of 51 attorneys general in urging the FCC to require gateway providers to implement STIR/SHAKEN caller ID authentication and take additional measures to block foreign-based illegal robocalls that scam Americans.
All data sourced from official government enforcement pages.