1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Harris County Hospital District d/b/a Harris Health (Healthcare Provider, TX) reported a HIPAA breach affecting 5,357 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
California Attorney General Rob Bonta filed a lawsuit against the City of El Cajon for unlawfully sharing Automated License Plate Reader (ALPR) data with over 100 out-of-state law enforcement agencies, violating state law that restricts such data to California public agencies. The AG is seeking a court order to halt the sharing and compel compliance with state privacy protections.
Brightstar Global Solutions Corporation (Health Plan, RI) reported a HIPAA breach affecting 103,879 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Arizona Health Care Cost Containment System- State Medicaid Agency (Health Plan, AZ) reported a HIPAA breach affecting 3,177 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Florida Health Sciences Center, Inc (Healthcare Provider, FL) reported a HIPAA breach affecting 896 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Governing Magazine recognized Connecticut Attorney General William Tong as a 2025 Public Official of the Year for his bipartisan enforcement leadership, highlighting major settlements including the $6 billion Purdue Pharma opioid case and $440 million JUUL e-cigarette marketing settlement.
Connecticut Attorney General William Tong, along with attorneys general from Arizona, New York, Virginia, Washington, and the FTC, sued Zillow and Redfin for an anticompetitive agreement where Zillow paid Redfin $100 million to exit the multifamily rental listing market. The complaint alleges violations of the Sherman Act and Clayton Act, claiming the agreement reduces competition and could lead to higher rents.
Harbor (Healthcare Provider, OH) reported a HIPAA breach affecting 216,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CPPA) settled with Tractor Supply Company for $1.35 million over violations of the California Consumer Privacy Act (CCPA). The violations included failing to maintain a proper privacy policy, not notifying job applicants of their rights, lacking an effective opt-out mechanism, and sharing personal information without adequate contracts. Tractor Supply must pay the fine and implement remedial measures such as scanning digital properties and annual compliance certification.
$1.4M
Weekend Health, LLC (Business Associate, NY) reported a HIPAA breach affecting 1,643 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The FTC filed a complaint against Iconic Hearts Holdings, Inc., operator of the Sendit anonymous messaging app, for unlawfully collecting personal data from children in violation of COPPA, misleading users by sending messages from fake personas, and tricking consumers into paid subscriptions by falsely promising to reveal anonymous senders.
Blue Shield of California (Business Associate, CA) reported a HIPAA breach affecting 607 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Belkorp Ag, LLC (Health Plan, CA) reported a HIPAA breach affecting 942 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gainwell Technologies LLC (Business Associate, TX) reported a HIPAA breach affecting 912 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
The FTC and 19 states settled with Kars-R-Us.com, Inc. and its operators for deceptive charity fundraising claims, where only 0.28% of over $45 million raised was used for breast cancer screenings. Operators face permanent fundraising bans and a $3.88 million monetary judgment.
$3.9M
VIVA Health (Health Plan, AL) reported a HIPAA breach affecting 4,945 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Intercommunity Action Inc. (Healthcare Provider, PA) reported a HIPAA breach affecting 2,680 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rockhill Women’s Care (Healthcare Provider, MO) reported a HIPAA breach affecting 70,129 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC secured a $2.5 billion settlement with Amazon, including a $1 billion civil penalty and $1.5 billion in consumer refunds, for enrolling millions of consumers in Prime subscriptions without proper consent and designing a deliberately difficult cancellation process. The order requires Amazon to implement clear enrollment disclosures, an easy cancellation method, and cease the unlawful practices.
$1.0B
Susan B. Allen Memorial Hospital (Healthcare Provider, KS) reported a HIPAA breach affecting 11,866 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer, Network Server.
Doctors Imaging Group (Healthcare Provider, FL) reported a HIPAA breach affecting 171,862 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
City of St. Joseph, MO Health Department (Healthcare Provider, MO) reported a HIPAA breach affecting 11,538 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Healthcare Interactive (Business Associate, MD) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A coalition of 21 state attorneys general led by New York Attorney General Letitia James obtained a temporary restraining order from the District Court for the Northern District of California blocking the USDA from demanding personally identifiable information of all SNAP recipients, including Social Security numbers, home addresses, and immigration statuses. The lawsuit argued that the USDA’s demand violated federal and state laws prohibiting disclosure of SNAP data except in narrow circumstances, and that the data would be used for immigration enforcement against recipients. The order also prohibits the USDA from withholding SNAP funding from plaintiff states that refuse to comply with the data demand.
New York Attorney General Letitia James and a coalition of 20 other states sued the U.S. Department of Agriculture to stop its demand for personal information of SNAP recipients for immigration enforcement. The District Court issued a temporary restraining order blocking USDA's demand and preventing funding cuts, citing violations of laws protecting SNAP data confidentiality.
People Encouraging People (Healthcare Provider, MD) reported a HIPAA breach affecting 13,083 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Health & Palliative Services of the Treasure Coast, Inc d/b/a Treasure Coast Hospice (“Treasure Health ”) (Healthcare Provider, FL) reported a HIPAA breach affecting 13,230 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Ennoble Care & Circa Health, LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 36,332 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Sturgis Hospital (Health Plan, MI) reported a HIPAA breach affecting 77,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sun Valley Surgery Center (Healthcare Provider, NV) reported a HIPAA breach affecting 27,001 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.