1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
New Jersey Attorney General Matthew J. Platkin joined a coalition of 20 attorneys general in filing a lawsuit against the U.S. Department of Agriculture (USDA) for demanding that states turn over sensitive personal information of SNAP recipients, including Social Security numbers and addresses. The lawsuit argues that this demand violates federal privacy laws and the Constitution, as the data is protected and should only be used for program administration. The coalition seeks to block USDA from conditioning SNAP funding on compliance with this demand.
New Jersey Attorney General Matthew J. Platkin joined a coalition of 19 attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the U.S. Treasury Department's central payment system, which contains sensitive personal information such as Social Security numbers and bank details. The lawsuit seeks an injunction to halt this policy and a declaration that it is unlawful and unconstitutional.
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
New Jersey Attorney General Matthew Platkin announced a multistate settlement where Morgan Stanley will pay $1.27 million to NJ over data security incidents that compromised personal information of over 755,000 NJ residents and millions nationwide. The incidents involved improper decommissioning of devices and a software flaw, leading to unauthorized access. The settlement requires Morgan Stanley to strengthen its data security and disposal procedures.
$1.3M
New Jersey, leading a coalition of 41 other attorneys general, sued Meta for knowingly designing addictive Instagram and Facebook features targeting children and teens while falsely claiming the platforms were safe. The lawsuit alleges Meta collected personal data from users under 13 without parental consent, violating the federal Children's Online Privacy Protection Act (COPPA) and state consumer protection laws like the New Jersey Consumer Fraud Act.
EyeMed Vision Care suffered a data breach in June 2020 due to poor security practices, including shared passwords, exposing personal and medical information of approximately 2.1 million individuals. The multistate settlement imposes a $2.5 million penalty and requires EyeMed to implement enhanced security measures and comply with privacy laws.
$2.5M
Wawa Inc. agreed to pay $8 million to resolve a multistate investigation into a data breach that compromised approximately 34 million payment cards between April 2019 and December 2019. The breach involved malware that harvested card data from point-of-sale terminals. New Jersey will receive $2.5 million, and Wawa must implement enhanced cybersecurity measures including a comprehensive security program and third-party audits.
$8.0M
New Jersey, as part of a multistate coalition, settled with Carnival Cruise Line over a 2019 data breach that compromised personal information of approximately 180,000 employees and customers nationwide. The breach resulted from deficiencies in Carnival's data security program and delayed breach notification. Carnival will pay $1.25 million and implement enhanced email security and breach response measures.
$1.3M
New Jersey participated in a multi-state settlement resolving an investigation into a 2017 data breach at Sabre Hospitality Solutions. Intruders accessed the company's hotel booking system from August 2016 to March 2017, compromising data from over 1.3 million consumer credit cards, including CVV numbers and expiration dates. Sabre failed to promptly notify affected consumers. The $2.4 million settlement requires Sabre to implement enhanced data security measures, develop a breach notification plan, clarify contractual responsibilities with client hotels, and undergo third-party security assessments.
$2.4M
New Jersey joined a multistate $2 million settlement with online retailer CafePress over a 2019 data breach that exposed personal information of approximately 22 million consumers nationwide, including over 540,000 in New Jersey. The settlement requires CafePress to implement a comprehensive cybersecurity program, incident response plan, and third-party assessments for five years, with payment suspended pending compliance.
$2.0M
New Jersey Attorney General settled with Community Health Systems, Inc. over a 2014 data breach affecting 6.1 million patients, including over 45,000 New Jersey residents. CHS will pay $5 million to 28 states and implement enhanced data security measures to protect personal and health information.
$5.0M
Neiman Marcus settled a multi-state investigation over a 2013 data breach that compromised payment card data of approximately 370,000 consumers nationwide, including 17,000 in New Jersey. The company agreed to pay $1.5 million and implement enhanced cybersecurity measures such as PCI compliance, network monitoring, and regular security assessments.
$1.5M
Virtua Medical Group agreed to pay $417,816 and implement a corrective action plan to settle allegations that it failed to properly secure electronic protected health information (ePHI). A vendor's server misconfiguration publicly exposed the medical records of over 1,650 patients via Google searches. The New Jersey Division of Consumer Affairs found VMG violated HIPAA's Security and Privacy Rules by not adequately vetting the vendor's security and failing to conduct proper risk analysis.
$418K
The New Jersey Attorney General announced an investigation into how the personal information of millions of Facebook users was harvested and obtained by Cambridge Analytica, a UK-based data analytics company. The AG expressed concern that Facebook may have allowed the harvesting and monetization of user data despite promises to keep it secure.
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
Nationwide Insurance settled a multi-state investigation into a 2012 data breach that exposed personal information of 1.27 million consumers due to failure to apply a security patch. The settlement requires enhanced security practices, hiring a Technology Officer, and a $5.5 million payment to the states.
$5.5M
Google settled multi-state allegations that it collected personal data from unsecured wireless networks during Street View operations without user consent. The settlement requires Google to destroy the collected data, refrain from future non-consensual collection, implement a 10-year employee privacy training program, and run a public advertising campaign. New Jersey's share of the settlement is approximately $147,000.
All data sourced from official government enforcement pages.