1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
The FTC proposed a consent order against Global Tel*Link Corp. for failing to secure sensitive user data, leading to a breach affecting nearly 650,000 consumers, and for delaying notification for about nine months. The order requires the company to implement a comprehensive security program, notify affected users with credit monitoring, and report future breaches promptly.
The FTC and CFPB settled with Trans Union LLC and its subsidiary for violating the Fair Credit Reporting Act by including inaccurate and incomplete eviction records in tenant screening reports, harming consumers' ability to obtain housing. The settlement requires Trans Union to pay $15 million, with $11 million for consumer compensation and $4 million as a civil penalty, and to implement measures to ensure report accuracy and disclose data sources.
$15.0M
The FTC issued warnings to five tax preparation companies against using or disclosing consumer tax data for unrelated purposes like advertising without explicit consent. The agency cites its penalty offense authority, referencing a previous case against Beneficial Corp, and warns that such practices violate the FTC Act and could incur penalties up to $50,120 per violation. The notices highlight that using tracking technologies for data collection without consent is also prohibited.
The FTC settled with background report providers TruthFinder and Instant Checkmate, charging they deceived consumers about the accuracy of their reports (often mischaracterizing traffic tickets as criminal records) and violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies without following its requirements, including ensuring accuracy and limiting permissible purposes. The companies will pay a $5.8 million penalty and implement a comprehensive FCRA compliance monitoring program.
$5.8M
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
Attorney General William Tong of Connecticut led a bipartisan coalition of 30 state attorneys general in submitting comments to the Federal Trade Commission. The comments aim to improve collaboration between the FTC and state AGs to prevent and prosecute unfair and deceptive practices, addressing issues raised by the AMG Capital decision that may limit restitution. The coalition emphasizes the importance of joint efforts for national consumer protection.
The FTC settled charges against Experian Consumer Services for violating the CAN-SPAM Act by sending marketing emails to consumers who signed up for credit management accounts without providing an opt-out mechanism. The emails promoted products like Experian Boost and Dark Web scans but lacked unsubscribe links. Experian must pay $650,000 and is prohibited from future violations.
$650K
The FTC and HHS sent warning letters to approximately 130 hospital systems and telehealth providers about the privacy and security risks of using online tracking technologies, such as Meta/Facebook pixel and Google Analytics, which may impermissibly disclose sensitive health information to third parties. The agencies emphasized that such disclosures could violate HIPAA for covered entities and the FTC Act for others, citing recent enforcement actions against companies like BetterHelp and GoodRx.
BetterHelp agreed to pay $7.8 million to settle FTC allegations that it used and shared consumers' health data for advertising without consent. The online therapy provider is banned from such practices and must provide refunds to approximately 800,000 affected consumers.
$7.8M
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K
The FTC charged Ring LLC with allowing employees to access private customer videos without consent and failing to secure user accounts, leading to hackers controlling cameras. Under a proposed consent order, Ring must pay $5.8 million in refunds, delete unlawfully accessed data, and implement a privacy and security program.
$5.8M
The FTC and DOJ charged Amazon with violating COPPA by indefinitely retaining children's Alexa voice recordings and failing to honor parents' deletion requests. Under a proposed consent decree, Amazon must pay $25 million, delete children's data, and implement privacy safeguards.
$25.0M
The FTC charged Easy Healthcare Corporation, operator of the Premom fertility app, with deceiving users by sharing their sensitive health data with third parties for advertising without consent and failing to notify breaches as required by the Health Breach Notification Rule. Under a proposed consent decree, the company will pay a $100,000 civil penalty, be barred from sharing health data for advertising, and must implement privacy and security measures.
$100K
The FTC proposed modifications to its 2020 privacy order with Meta, alleging violations including non-compliance with the order, misleading parents about Messenger Kids, and unauthorized data sharing. The proposed changes include banning monetization of youth data, pausing new product launches, and strengthening privacy requirements.
The FTC settled with Ring for failing to secure consumer videos, allowing unauthorized access by employees and hackers. Ring agreed to provide $5.6 million in refunds to affected customers and implement security measures.
$5.6M
The FTC proposed a consent order against BetterHelp for sharing consumers' sensitive mental health data with third parties like Facebook for targeted advertising without proper consent. BetterHelp must pay $7.8 million in refunds and is banned from such data sharing, with requirements for consent and privacy programs.
$7.8M
The FTC settled with GoodRx for sharing consumers' sensitive prescription and health information with Facebook, Google, and other third parties for advertising without consent, and for failing to report these unauthorized disclosures as required by the Health Breach Notification Rule. GoodRx will pay a $1.5 million civil penalty and is permanently barred from sharing user health data for advertising.
$1.5M
The FTC finalized an order against Chegg Inc. for failing to secure student data, leading to breaches that exposed personal information of about 40 million users and employees. Chegg must implement a comprehensive security program, limit data collection, offer multifactor authentication, and allow data access and deletion.
The FTC finalized an order against Drizly and its CEO for security failures that led to a data breach exposing 2.5 million consumers' personal information. Drizly failed to implement basic security measures despite prior alerts. The order requires Drizly to destroy unnecessary data, implement a security program, and publicly detail data collection practices.
Epic Games, maker of Fortnite, violated children's privacy laws by collecting data from under-13 users without parental consent and used deceptive designs to trick users into unintended purchases. The FTC secured a $275 million civil penalty and $245 million in consumer refunds, with requirements to enhance privacy defaults, delete improperly collected data, implement a privacy program, and prohibit dark patterns and account locking for charge disputes.
$275.0M
The FTC extended the compliance deadline for certain provisions of the Safeguards Rule by six months to June 9, 2023, due to challenges like shortage of qualified personnel and supply chain issues exacerbated by the COVID-19 pandemic. The rule requires non-banking financial institutions to implement enhanced data security measures, and the extension aims to facilitate compliance, especially for small entities.
The FTC and CFPB filed an amicus brief with the Third Circuit Court of Appeals to overturn a lower court ruling that exempted furnishers from investigating indirect disputes under the FCRA. The brief argues that all disputes must be investigated to ensure consumers can correct inaccurate credit information and be notified of outcomes, upholding key FCRA protections.
Harris Jewelry defrauded servicemembers with deceptive marketing, inflated prices, and hidden fees. A multistate settlement requires $34.2 million in refunds and debt relief, stops debt collection, and dissolves the business, affecting over 46,000 servicemembers.
$1.0M
The FTC finalized an order against CafePress for failing to secure consumer data and covering up a data breach. The company must implement comprehensive security measures, and its former owner must pay $500,000 in redress to victims.
$500K
The FTC obtained an injunction against Turbo Solutions Inc. and Alex V. Miller for operating a deceptive credit repair scheme that filed fake identity theft reports without consumers' consent. The scheme charged illegal advance fees and made false promises about removing negative credit items. The court order halts the operation and seeks consumer redress.
The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.
$500K
The FTC settled with CafePress for failing to implement reasonable data security measures, leading to multiple breaches that exposed Social Security numbers and other sensitive data. As part of the settlement, over $370,000 in refunds are being distributed to 20,044 consumers who filed valid claims.
$370K
The FTC settled with CafePress's former owner Residual Pumpkin Entity, LLC and buyer PlanetArt, LLC over data security failures that led to a breach exposing Social Security numbers and other sensitive data. Residual Pumpkin paid $500,000 for victim compensation, and both companies must implement comprehensive security programs. A claims process is open for affected consumers until March 10, 2024.
$500K
The FTC settled with Ascension Data & Analytics, LLC for violating the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor properly protected consumer data. The company must strengthen its security safeguards and increase oversight of vendors. No monetary penalty was imposed.
The FTC finalized an order banning Support King, LLC and its CEO from the surveillance business for selling stalkerware apps that secretly collected and shared users' personal data without consent. The order requires them to delete all illegally collected data and notify affected device owners.
All data sourced from official government enforcement pages.