1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to implement reasonable data security controls, leading to data breaches that exposed over 825,000 New Yorkers' personal information including driver's license numbers and dates of birth. Hackers exploited vulnerabilities in the companies' online quoting tools to steal the data, which was later used to file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including data inventory maintenance, multifactor authentication, and improved threat response procedures.
$14.2M
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.
$14.2M
New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne Harris settled with auto insurers GEICO and Travelers for $11.3 million combined over data breaches that exposed over 120,000 New Yorkers’ personal information, including driver’s license numbers and dates of birth. The breaches stemmed from insufficient data security controls, allowing hackers to steal information and file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including comprehensive information security programs, data inventories, and improved access controls.
$11.3M
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
A multistate coalition of 50 attorneys general led by New York AG Letitia James reached a $52 million settlement with Marriott International, Inc. over a 2014-2018 data breach of its Starwood subsidiary’s guest reservation database that exposed 131.5 million consumers’ personal information. The breach, which went undetected for four years, compromised contact details, dates of birth, passport numbers, payment card information, and loyalty program data. Marriott is required to overhaul its data security practices, implement new compliance measures, and allow customers to delete their stored data as part of the settlement.
$52.0M
Blackbaud, a cloud company providing donor management software, experienced a 2020 data breach exposing personal information of millions of donors through its nonprofit customers. A multistate investigation found Blackbaud failed to implement adequate data security and delayed breach notifications. As a result, Blackbaud agreed to pay $49.5 million and overhaul its security practices.
$49.5M
All data sourced from official government enforcement pages.