1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Steven J. Pearlman MD PC (Healthcare Provider, NY) reported a HIPAA breach affecting 10,182 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Therapy Services, Inc. (Healthcare Provider, IN) reported a HIPAA breach affecting 15,027 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Marshfield Clinic Health System (Healthcare Provider, WI) reported a HIPAA breach affecting 35,952 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Loving and Living Center, PC dba Awakenings Center (Healthcare Provider, NC) reported a HIPAA breach affecting 17,800 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
Illuminate Education, Inc. suffered a data breach in 2021 due to security failures, exposing sensitive student data including medical conditions across millions of students. The company has agreed to pay $5.1 million in settlements to California, Connecticut, and New York and implement injunctive relief to strengthen data security practices.
$5.1M
New York, California, and Connecticut attorneys general reached a $5.1 million settlement with educational technology company Illuminate Education, Inc. for failing to protect student data, resulting in a 2022 breach exposing millions of students’ personal information. The investigation found Illuminate failed to implement basic security measures including data encryption, suspicious activity monitoring, and proper decommissioning of inactive user accounts, and did not delete student data when required by contracts. Illuminate must pay the penalty and implement enhanced data security measures including a comprehensive information security program, encryption of student data, and annual notice to schools about data collection and deletion options.
$5.1M
Connecticut Attorney General William Tong filed an expanded complaint against Altice/Optimum Online for deceptive advertising and hidden 'Network Enhancement' fees that collected at least $39.1 million from consumers. The company allegedly misled customers with 'price for life' deals while burying fees in fine print and targeting Spanish speakers with English-only disclosures. The complaint seeks penalties and disgorgement under the Connecticut Unfair Trade Practices Act.
The Chase Group Employee Benefit Plan (Health Plan, NM) reported a HIPAA breach affecting 817 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Archer Health (Healthcare Provider, CA) reported a HIPAA breach affecting 4,285 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Motorola Solutions (Health Plan, IL) reported a HIPAA breach affecting 22,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tampa Bay Treatment Associates (Healthcare Provider, FL) reported a HIPAA breach affecting 3,682 individuals. Breach type: Theft. Location of breached information: Electronic Medical Record.
Denton MHMR Center (Healthcare Provider, TX) reported a HIPAA breach affecting 108,967 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Incyte Pathology, P.S. (Healthcare Provider, WA) reported a HIPAA breach affecting 629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
California Attorney General Rob Bonta issued an informational bulletin summarizing new responsibilities under SB 81, which expands protections for immigrants' medical information by designating immigration status as protected data under the Confidentiality of Medical Information Act (CMIA) and restricts immigration enforcement access to non-public areas of healthcare facilities.
Expert MRI (Healthcare Provider, CA) reported a HIPAA breach affecting 209,560 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Judson Center (Healthcare Provider, MI) reported a HIPAA breach affecting 976 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tri Century Eye Care PC (Healthcare Provider, PA) reported a HIPAA breach affecting 200,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Beverly Hills Oncology Medical Group (Healthcare Provider, CA) reported a HIPAA breach affecting 57,655 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton secured a $1.375 billion settlement with Google for unlawfully tracking Texans' geolocation data, incognito browsing activity, and biometric identifiers without consent. This is the largest single-state privacy settlement against Google, significantly larger than multistate settlements. The agreement resolves two major privacy enforcement actions brought by Texas.
$1.4B
California Attorney General Rob Bonta secured a $530,000 settlement with Sling TV for violating the CCPA. The company failed to provide an easy-to-use method for consumers to opt-out of the sale of their personal information and did not provide adequate privacy protections for children. The settlement requires Sling TV to implement specific changes to its opt-out mechanisms and parental controls.
$530K
California Attorney General Rob Bonta joined 15 attorneys general in filing an amicus brief to limit a U.S. DOJ subpoena seeking medical records of transgender youth from Children's Hospital of Philadelphia, arguing it violates patient privacy and could intimidate providers of gender-affirming care.
Connecticut Attorney General William Tong is expanding an inquiry into high grocery prices by sending letters to major food distributors and retailers. The inquiry found no evidence of price gouging at the retail level but will now investigate the supply chain for potential unfair profiteering. The AG also cited factors like tariffs and SNAP cuts that contribute to high prices.
California Attorney General Rob Bonta settled with Sling TV for $530,000 over CCPA violations. Sling TV failed to provide an easy-to-use opt-out mechanism for the sale of personal information and lacked adequate privacy protections for children's data. The settlement requires Sling TV to implement changes to ensure CCPA compliance, including improved opt-out processes and children's privacy safeguards.
$530K
Hale Makua Health Services (Healthcare Provider, HI) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton opened an investigation into Lorex Technology Inc. for allegedly deceptively selling security cameras with components from CCP-linked Dahua, posing privacy and national security risks. The investigation will determine if Lorex misrepresented the cameras as secure and safe for residential use despite known supply chain vulnerabilities and federal restrictions on Dahua products.
Northwest Radiologists, Inc./Mount Baker Imaging (Healthcare Provider, WA) reported a HIPAA breach affecting 362,713 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Better Vision Eyecare, LLC (Healthcare Provider, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Health Management Systems of America (Healthcare Provider, MI) reported a HIPAA breach affecting 4,213 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The California Attorney General conducted an investigation into OpenAI's recapitalization plan and secured a memorandum of understanding ensuring charitable assets are used for their intended purpose, safety is prioritized, and OpenAI remains in California. The AG will not oppose the plan and will monitor ongoing adherence to these commitments.
All data sourced from official government enforcement pages.