1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
New York Attorney General Letitia James secured a settlement with cryptocurrency platform Uphold HQ, Inc. for misleading investors by promoting Cred’s fraudulent CredEarn investment product as a safe, reliable savings option when it involved risky loans to uncreditworthy borrowers. Uphold will pay $5 million to harmed investors, redirect $545,189 in Cred bankruptcy proceeds to affected customers, and implement enhanced due diligence policies for third-party investment products. Uphold must also register as a broker with the Office of the Attorney General.
$5.0M
New York, California, and Connecticut attorneys general reached a $5.1 million settlement with educational technology company Illuminate Education, Inc. for failing to protect student data, resulting in a 2022 breach exposing millions of students’ personal information. The investigation found Illuminate failed to implement basic security measures including data encryption, suspicious activity monitoring, and proper decommissioning of inactive user accounts, and did not delete student data when required by contracts. Illuminate must pay the penalty and implement enhanced data security measures including a comprehensive information security program, encryption of student data, and annual notice to schools about data collection and deletion options.
$5.1M
New York Attorney General Letitia James, joined by 20 other states and Kentucky, filed a lawsuit challenging the Trump administration's policy requiring states to disclose personal information of SNAP recipients to federal agencies. The policy violates privacy laws by demanding sensitive data like Social Security numbers for potential immigration enforcement. The coalition seeks a court injunction to stop the illegal data sharing.
New York Attorney General Letitia James led a multistate lawsuit against Elon Musk and his Department of Government Efficiency (DOGE) for gaining unauthorized access to the U.S. Treasury's payment system, which contains Americans' sensitive personal data and controls vital funding. A federal judge granted a temporary restraining order blocking DOGE from accessing this data and requiring the destruction of any records already obtained, with a preliminary injunction hearing set for February 14, 2025.
New York Attorney General Letitia James, along with the Attorneys General of Connecticut and New Jersey, settled with Enzo Biochem, Inc. for $4.5 million over a 2023 ransomware attack that exposed health and personal data of 2.4 million patients, including 1.4 million New York residents. The investigation found Enzo had inadequate data security practices, including shared employee login credentials, lack of multi-factor authentication, no suspicious activity monitoring, and unencrypted personal information. As part of the settlement, Enzo will pay the penalty and implement enhanced cybersecurity measures including MFA, encryption, risk assessments, and an incident response plan.
$4.5M
Morgan Stanley failed to properly decommission computer devices containing unencrypted customer data, leading to the sale of devices with personal information at auction and missing servers with potential data. A multistate coalition secured a $6.5 million settlement requiring Morgan Stanley to implement enhanced data security measures.
$6.5M
A coalition of 42 attorneys general filed a federal lawsuit against Meta, alleging that the company designed addictive features that harm youth mental health and violated COPPA by collecting children's data without parental consent. The lawsuit seeks injunctive relief, monetary penalties, and restitution.
All data sourced from official government enforcement pages.