1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
River City Eye Care, LLC (Healthcare Provider, OR) reported a HIPAA breach affecting 6,588 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Coalesce, LLC dba Benefitelect (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong joined 18 other attorneys general in filing a comment letter opposing a U.S. Department of Education proposal to expand data collection on race, admissions, and student performance from colleges and universities. The coalition argues the proposal is unreasonably burdensome, unlikely to yield quality data, and could be misused to target lawful diversity, equity, and inclusion initiatives, raising student privacy concerns.
California Attorney General Rob Bonta led a coalition of 18 attorneys general in submitting a comment letter opposing the U.S. Department of Education's proposal to collect extensive student data on race, admissions, and financial aid. The coalition argues the data collection is burdensome, unlikely to yield quality data, and may be misused to target lawful diversity, equity, and inclusion efforts.
Florida Attorney General James Uthmeier filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights (FDBOR) and Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The complaint alleges Roku collected, sold, and enabled reidentification of children’s sensitive personal data, including viewing habits and voice recordings, without parental consent or meaningful notice to consumers. The state seeks civil penalties, injunctive relief, and requirements for Roku to implement transparent disclosures, lawful parental controls, and cease unauthorized processing of children’s data.
Texas Attorney General Ken Paxton secured a settlement agreement with Austin Diagnostic Clinic to end its policy of restricting parental access to children’s electronic health records. The agreement requires the clinic to provide parents with full, real-time access to their children’s medical information except where restricted by state or federal law, and the AG will monitor compliance.
Wellpoint, Inc. (Business Associate, IN) reported a HIPAA breach affecting 579 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cardiovascular Medicine Associates (doing business as MyCardiologist) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,248 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Texas Attorney General opened an investigation into TP-Link Systems Inc. for potentially allowing the Chinese government to access Texans' consumer data through back doors in networking equipment. The investigation will examine whether TP Link violated Texas privacy law by misleading consumers about its independence and improperly collecting or disclosing data. This follows a prior privacy notice violation issued to the company.
Harris County Hospital District d/b/a Harris Health (Healthcare Provider, TX) reported a HIPAA breach affecting 5,357 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
California Attorney General Rob Bonta filed a lawsuit against the City of El Cajon for unlawfully sharing Automated License Plate Reader (ALPR) data with over 100 out-of-state law enforcement agencies, violating state law that restricts such data to California public agencies. The AG is seeking a court order to halt the sharing and compel compliance with state privacy protections.
Arizona Health Care Cost Containment System- State Medicaid Agency (Health Plan, AZ) reported a HIPAA breach affecting 3,177 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Florida Health Sciences Center, Inc (Healthcare Provider, FL) reported a HIPAA breach affecting 896 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Governing Magazine recognized Connecticut Attorney General William Tong as a 2025 Public Official of the Year for his bipartisan enforcement leadership, highlighting major settlements including the $6 billion Purdue Pharma opioid case and $440 million JUUL e-cigarette marketing settlement.
Connecticut Attorney General William Tong, along with attorneys general from Arizona, New York, Virginia, Washington, and the FTC, sued Zillow and Redfin for an anticompetitive agreement where Zillow paid Redfin $100 million to exit the multifamily rental listing market. The complaint alleges violations of the Sherman Act and Clayton Act, claiming the agreement reduces competition and could lead to higher rents.
Weekend Health, LLC (Business Associate, NY) reported a HIPAA breach affecting 1,643 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The FTC filed a complaint against Iconic Hearts Holdings, Inc., operator of the Sendit anonymous messaging app, for unlawfully collecting personal data from children in violation of COPPA, misleading users by sending messages from fake personas, and tricking consumers into paid subscriptions by falsely promising to reveal anonymous senders.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 607 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Belkorp Ag, LLC (Health Plan, CA) reported a HIPAA breach affecting 942 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gainwell Technologies LLC (Business Associate, TX) reported a HIPAA breach affecting 912 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
VIVA Health (Health Plan, AL) reported a HIPAA breach affecting 4,945 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Intercommunity Action Inc. (Healthcare Provider, PA) reported a HIPAA breach affecting 2,680 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Interactive (Business Associate, MD) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A coalition of 21 state attorneys general led by New York Attorney General Letitia James obtained a temporary restraining order from the District Court for the Northern District of California blocking the USDA from demanding personally identifiable information of all SNAP recipients, including Social Security numbers, home addresses, and immigration statuses. The lawsuit argued that the USDA’s demand violated federal and state laws prohibiting disclosure of SNAP data except in narrow circumstances, and that the data would be used for immigration enforcement against recipients. The order also prohibits the USDA from withholding SNAP funding from plaintiff states that refuse to comply with the data demand.
New York Attorney General Letitia James and a coalition of 20 other states sued the U.S. Department of Agriculture to stop its demand for personal information of SNAP recipients for immigration enforcement. The District Court issued a temporary restraining order blocking USDA's demand and preventing funding cuts, citing violations of laws protecting SNAP data confidentiality.
Trusteed Plan Services Corporation (Business Associate, WA) reported a HIPAA breach affecting 7,977 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Munson Healthcare (Healthcare Provider, MI) reported a HIPAA breach affecting 1,186 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Florida Attorney General James Uthmeier filed complaints against multiple pornography websites for violating Florida's age-verification law by not verifying users' ages, allowing children access to harmful material. The law requires such sites to implement age verification, and violations can result in fines up to $50,000 per violation. The complaints seek injunctions, civil penalties, and compliance with the law.
North Penn Comprehensive Health Services d.b.a Laurel Health Centers (Healthcare Provider, PA) reported a HIPAA breach affecting 991 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Cookeville Regional Medical Center (Healthcare Provider, TN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.