1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
The FTC and HHS sent warning letters to approximately 130 hospital systems and telehealth providers about the privacy and security risks of using online tracking technologies, such as Meta/Facebook pixel and Google Analytics, which may impermissibly disclose sensitive health information to third parties. The agencies emphasized that such disclosures could violate HIPAA for covered entities and the FTC Act for others, citing recent enforcement actions against companies like BetterHelp and GoodRx.
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K
The FTC finalized an order against Chegg Inc. for failing to secure student data, leading to breaches that exposed personal information of about 40 million users and employees. Chegg must implement a comprehensive security program, limit data collection, offer multifactor authentication, and allow data access and deletion.
The FTC settled with Flo Health, Inc., developer of a popular fertility-tracking app, alleging it misled users by sharing sensitive health data with third-party analytics providers like Facebook and Google after promising to keep such data private. The proposed consent order requires Flo to obtain user consent before sharing health data, notify affected users, and destroy previously shared data, among other requirements.
All data sourced from official government enforcement pages.