1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
EMS Department for the Kansas City, Kansas Fire Department (Healthcare Provider, KS) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sun City Pediatrics, PA (Healthcare Provider, TX) reported a HIPAA breach affecting 4,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Fairfax Radiological Consultants (Healthcare Provider, VA) reported a HIPAA breach affecting 3,512 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
School Employees' Benefit Trust (Health Plan, IN) reported a HIPAA breach affecting 1,371 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Atlanta Perinatal Consultants, LLP (Healthcare Provider, GA) reported a HIPAA breach affecting 1,508 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ASBESTOS WORKERS LOCAL 42 WELFARE PLAN (Health Plan, GA) reported a HIPAA breach affecting 520 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
IBEW LOCAL 236 WELFARE FUND (Health Plan, CT) reported a HIPAA breach affecting 3,217 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AmerisourceBergen Specialty Group, LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 3,102 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
Pope & Conner Consulting, Inc. (Business Associate, WI) reported a HIPAA breach affecting 1,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Kenneth Young Center (Healthcare Provider, IL) reported a HIPAA breach affecting 6,842 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AMERICAN RENAL MANAGEMENT (Business Associate, TN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Therapeutic Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Empath-Stratum Inc. doing business as Empath Health (Healthcare Provider, FL) reported a HIPAA breach affecting 5,545 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Cumberland Heights Foundation, Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 5,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
UNC Hospitals (Healthcare Provider, NC) reported a HIPAA breach affecting 3,142 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
A bipartisan coalition of 41 attorneys general, led by Illinois Attorney General Kwame Raoul, sent a letter to Meta Platforms Inc. calling for improved data security practices to protect users from account takeovers by scammers. The coalition cites a dramatic increase in account takeover complaints and urges Meta to increase staffing, implement multi-factor authentication, and take stronger enforcement actions against scammers.
Connecticut Attorney General William Tong joined a bipartisan coalition of 41 attorneys general in sending a letter to Meta Platforms, Inc. to address the rising number of Facebook and Instagram account takeovers by scammers. The coalition criticizes Meta's inadequate security measures and calls for improved protections including multi-factor authentication, increased staffing for response, and stronger enforcement against scammers. The letter urges Meta to take immediate action to safeguard user accounts from hijacking and fraud.
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
The FTC proposed a consent order against Global Tel*Link Corp. for failing to secure sensitive user data, leading to a breach affecting nearly 650,000 consumers, and for delaying notification for about nine months. The order requires the company to implement a comprehensive security program, notify affected users with credit monitoring, and report future breaches promptly.
Marymount Manhattan College suffered a data breach in 2021 affecting 99,097 New Yorkers. The New York Attorney General found that MMC failed to secure its network infrastructure and update security policies. As part of the agreement, MMC must invest $3.5 million over six years to improve data encryption, enable multi-factor authentication, and implement other security measures.
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
Connecticut Attorney General William Tong launched a consumer protection investigation into Hyundai and Kia for failing to equip vehicles with standard anti-theft immobilizers between 2011 and 2022, leading to high theft rates and public safety concerns. The investigation seeks records on the companies' decision-making and potential fixes, following a coalition of attorneys general calling for a federal recall.
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K
The FTC proposed modifications to its 2020 privacy order with Meta, alleging violations including non-compliance with the order, misleading parents about Messenger Kids, and unauthorized data sharing. The proposed changes include banning monetization of youth data, pausing new product launches, and strengthening privacy requirements.
The FTC settled with Ring for failing to secure consumer videos, allowing unauthorized access by employees and hackers. Ring agreed to provide $5.6 million in refunds to affected customers and implement security measures.
$5.6M
The FTC finalized an order against Chegg Inc. for failing to secure student data, leading to breaches that exposed personal information of about 40 million users and employees. Chegg must implement a comprehensive security program, limit data collection, offer multifactor authentication, and allow data access and deletion.
The FTC finalized an order against Drizly and its CEO for security failures that led to a data breach exposing 2.5 million consumers' personal information. Drizly failed to implement basic security measures despite prior alerts. The order requires Drizly to destroy unnecessary data, implement a security program, and publicly detail data collection practices.
In March 2022, Connecticut Attorney General William Tong announced that Connecticut is co-leading a multistate investigation into T-Mobile's 2021 data breach, which affected over 53 million individuals. The breach compromised sensitive data including names, dates of birth, Social Security Numbers, and driver's license information. Tong urged affected consumers to take protective steps such as credit monitoring and freezes.
All data sourced from official government enforcement pages.