1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
A multistate coalition of 50 attorneys general, including New Jersey, reached a $52 million settlement with Marriott International, Inc. for two data breaches that exposed personal information of over 131 million consumers. The breaches resulted from inadequate cybersecurity practices at Starwood and Marriott networks. The settlement mandates comprehensive security improvements and monetary penalties.
$52.0M
Enzo Biochem, Inc. agreed to pay $4.5 million and strengthen its cybersecurity practices to settle allegations that deficient data security led to a ransomware attack exposing the health data of 2.4 million patients. The multistate enforcement action was led by New Jersey with New York and Connecticut.
$4.5M
New Jersey Attorney General Matthew Platkin announced a multistate settlement where Morgan Stanley will pay $1.27 million to NJ over data security incidents that compromised personal information of over 755,000 NJ residents and millions nationwide. The incidents involved improper decommissioning of devices and a software flaw, leading to unauthorized access. The settlement requires Morgan Stanley to strengthen its data security and disposal procedures.
$1.3M
Blackbaud, a software company, experienced a ransomware attack in 2020 that exposed sensitive personal information, including protected health data, due to inadequate security practices and delayed breach notification. A multistate investigation resulted in a $49.5 million settlement, requiring Blackbaud to enhance data security, implement breach response plans, and undergo third-party assessments.
$49.5M
EyeMed Vision Care suffered a data breach in June 2020 due to poor security practices, including shared passwords, exposing personal and medical information of approximately 2.1 million individuals. The multistate settlement imposes a $2.5 million penalty and requires EyeMed to implement enhanced security measures and comply with privacy laws.
$2.5M
New Jersey Attorney General Matthew J. Platkin announced a multistate settlement with Experian and T-Mobile over a 2015 data breach that compromised personal information of over 15 million consumers. The companies will pay over $16 million to states and agree to improve data security and vendor management practices. New Jersey will receive approximately $500,000 from the settlement.
$16.0M
Wawa Inc. agreed to pay $8 million to resolve a multistate investigation into a data breach that compromised approximately 34 million payment cards between April 2019 and December 2019. The breach involved malware that harvested card data from point-of-sale terminals. New Jersey will receive $2.5 million, and Wawa must implement enhanced cybersecurity measures including a comprehensive security program and third-party audits.
$8.0M
New Jersey, as part of a multistate coalition, settled with Carnival Cruise Line over a 2019 data breach that compromised personal information of approximately 180,000 employees and customers nationwide. The breach resulted from deficiencies in Carnival's data security program and delayed breach notification. Carnival will pay $1.25 million and implement enhanced email security and breach response measures.
$1.3M
Command Marketing Innovations, LLC and Strategic Content Imaging, LLC settled allegations that they violated the New Jersey Consumer Fraud Act and HIPAA by failing to safeguard protected health information, exposing the data of 55,715 New Jersey residents. The companies agreed to pay $130,000 in penalties and implement comprehensive security measures, including appointing security officers and providing employee training.
$130K
AMCA suffered an eight-month data breach from August 2018 to March 2019, exposing personal information including Social Security numbers, payment card data, and medical test details of over 7 million individuals nationwide, including 246,000 New Jersey residents. The multistate settlement requires AMCA to implement enhanced data security measures and pay $21 million, though payment is suspended due to the company's financial situation.
$21.0M
New Jersey participated in a multi-state settlement resolving an investigation into a 2017 data breach at Sabre Hospitality Solutions. Intruders accessed the company's hotel booking system from August 2016 to March 2017, compromising data from over 1.3 million consumer credit cards, including CVV numbers and expiration dates. Sabre failed to promptly notify affected consumers. The $2.4 million settlement requires Sabre to implement enhanced data security measures, develop a breach notification plan, clarify contractual responsibilities with client hotels, and undergo third-party security assessments.
$2.4M
New Jersey joined a multistate $2 million settlement with online retailer CafePress over a 2019 data breach that exposed personal information of approximately 22 million consumers nationwide, including over 540,000 in New Jersey. The settlement requires CafePress to implement a comprehensive cybersecurity program, incident response plan, and third-party assessments for five years, with payment suspended pending compliance.
$2.0M
Home Depot settled for $17.5 million over a 2014 data breach that compromised personal information of over 40 million consumers due to inadequate security at self-checkout kiosks. The settlement requires extensive cybersecurity reforms including an information security program, employee training, and encryption. New Jersey receives $579,623 from the multi-state settlement.
$17.5M
New Jersey Attorney General settled with Community Health Systems, Inc. over a 2014 data breach affecting 6.1 million patients, including over 45,000 New Jersey residents. CHS will pay $5 million to 28 states and implement enhanced data security measures to protect personal and health information.
$5.0M
New Jersey Attorney General announced a multi-state settlement with Anthem, Inc. over a 2015 data breach that exposed personal information of over 78 million Americans, including 1.15 million New Jersey residents. Anthem will pay $39.5 million to participating states and implement enhanced cybersecurity measures.
$39.5M
Neiman Marcus settled a multi-state investigation over a 2013 data breach that compromised payment card data of approximately 370,000 consumers nationwide, including 17,000 in New Jersey. The company agreed to pay $1.5 million and implement enhanced cybersecurity measures such as PCI compliance, network monitoring, and regular security assessments.
$1.5M
EmblemHealth, Inc. settled with the New Jersey Attorney General over a 2016 data breach where Medicare Health Insurance Claim Numbers (containing Social Security numbers) were improperly disclosed on mailing labels to over 81,000 customers, including 6,443 in New Jersey. The company agreed to pay a $100,000 civil penalty and implement compliance reforms including ceasing use of HICNs with SSNs, enhancing employee training, and notifying the state of future breaches.
$100K
Aetna, Inc. settled with New Jersey and other states over allegations that it improperly disclosed protected health information of thousands of individuals through mailings that revealed HIV/AIDS status and AFib study participation. The settlement requires Aetna to implement policy reforms, hire an independent consultant, and pay a civil penalty of $365,211.59 to New Jersey.
$365K
Uber Technologies, Inc. agreed to pay $148 million to settle a multi-state investigation into a data breach that compromised personal information of riders and drivers. The breach occurred in November 2016 but was not disclosed until November 2017. Uber must adopt new policies to safeguard consumer data.
$148.0M
Lightyear Dealer Technologies (DealerBuilt) settled an investigation into a 2016 data breach where a misconfigured file system exposed personal data, including social security numbers and bank information, of thousands of auto dealership customers nationwide. The settlement includes an $80,784 payment (with $20,000 suspended) and mandatory cybersecurity reforms.
$49K
The New Jersey Attorney General announced an investigation into how the personal information of millions of Facebook users was harvested and obtained by Cambridge Analytica, a UK-based data analytics company. The AG expressed concern that Facebook may have allowed the harvesting and monetization of user data despite promises to keep it secure.
New Jersey Attorney General Christopher Porrino announced that New Jersey has joined a multi-state investigation into Equifax following a data breach affecting 143 million consumers. The multi-state group sent a letter demanding Equifax disable fee-based credit monitoring services and reimburse consumers for credit freeze fees with other bureaus, citing unfair practices and a months-long delay in breach disclosure.
Nationwide Insurance settled a multi-state investigation into a 2012 data breach that exposed personal information of 1.27 million consumers due to failure to apply a security patch. The settlement requires enhanced security practices, hiring a Technology Officer, and a $5.5 million payment to the states.
$5.5M
Target Corp. agreed to pay $18.5 million to resolve a multi-state investigation into the November 2013 data breach that compromised payment card information of over 41 million shoppers. The settlement requires Target to implement comprehensive cybersecurity reforms, including a dedicated Information Security Program, encryption, network segmentation, and third-party assessments.
$18.5M
All data sourced from official government enforcement pages.