1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The Carpenter Health Network (Healthcare Provider, LA) reported a HIPAA breach affecting 878 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton has issued notices to several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA's requirements to disclose data processing, allow opt-outs, and enable data deletion within 30 days, or face further legal action.
Texas Attorney General Ken Paxton announced legal action against several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies have been given 30 days to comply with requirements to disclose data processing, allow consumers to opt out of data collection, and enable data deletion. Failure to comply will result in further legal action to protect Texans' privacy rights and prevent data from being accessed by the Chinese Communist Party.
Texas Attorney General Ken Paxton has notified several Chinese companies, including TP-Link, Alibaba, and CapCut, that they are violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA requirements to disclose data processing, allow consumer opt-outs, and enable data deletion within 30 days. Failure to comply will result in further legal action.
SunLink Health Systems, Inc. (Healthcare Provider, GA) reported a HIPAA breach affecting 2,856 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Minnesota Orthodontics and Dentofacial Orthopedics, P.A. (Healthcare Provider, MN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Monongalia Health System, Inc. (Healthcare Provider, WV) reported a HIPAA breach affecting 4,895 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
CardioVascular Health Clinic (Healthcare Provider, OK) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DermCare Management (Business Associate, FL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Berkeley Research Group, LLC (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Canby Clinic (Healthcare Provider, OR) reported a HIPAA breach affecting 549 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Physician Wound Solutions, LLC dba Apollo Medical Supply (Healthcare Provider, FL) reported a HIPAA breach affecting 3,561 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Carlton County Public Health and Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 3,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maximus, Inc. (Business Associate, VA) reported a HIPAA breach affecting 4,955 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Palo Verde Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 594 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Brainard Surgery Center LLC (Healthcare Provider, OH) reported a HIPAA breach affecting 1,820 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Icon Family Healthcare LLC (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier filed a lawsuit against Snap, Inc., operator of Snapchat, for violating Florida’s HB3 child social media protection law and the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The suit alleges Snap knowingly allowed children under 13 to create accounts, failed to obtain parental consent for 14-15 year old users, deployed addictive dark pattern design features to children, and deceived parents about platform risks including predator access, drug sales, and harmful content. The legal action seeks to hold Snap accountable for noncompliance with Florida child safety and privacy laws.
Texas Attorney General Ken Paxton filed a motion to appoint a Consumer Privacy Ombudsman in the Chapter 11 bankruptcy case of 23andMe to protect the sensitive genetic and personal data of Texans. The genetic testing company seeks to sell assets that may include genetic data, health information, and personally identifiable information. The AG's office is also informing Texans of their rights under Texas law to request deletion of their data and genetic samples.
90 Degree Benefits, Inc. – St. Paul (Business Associate, WI) reported a HIPAA breach affecting 1,268 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Connecticut Office of the Attorney General released an updated enforcement report on the Connecticut Data Privacy Act (CTDPA) for 2024, summarizing investigations into companies handling connected vehicles, genetic data, palm recognition, teen messaging apps, and facial recognition. The report outlines expanded enforcement priorities around opt-out practices and dark patterns, and includes legislative recommendations to strengthen the CTDPA.
The New Jersey Attorney General filed a lawsuit against Discord, Inc. for deceptive business practices under the Consumer Fraud Act. Discord misrepresented its Safe Direct Messaging and age verification features, failing to protect children from
Florida Attorney General James Uthmeier issued a subpoena to Roblox on April 16, 2025, as part of an investigation into the gaming platform’s child-protection policies and children’s data practices. The subpoena demands documents related to Roblox’s marketing to children, age-verification procedures, chat moderation, and processing of minors’ personal data, following reports of children being exposed to harmful content and predatory actors on the platform. No fines or remedies have been imposed yet, as the investigation is ongoing.
Recovery Epicenter Foundation (Healthcare Provider, FL) reported a HIPAA breach affecting 800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
HEALTH AND WELLNESS OF TEXAS (Healthcare Provider, TX) reported a HIPAA breach affecting 500 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Email.
Magnolia Manor Inc. (Healthcare Provider, GA) reported a HIPAA breach affecting 960 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
AHS Sherman LLC dba AHS Sherman Medical Center (Healthcare Provider, TX) reported a HIPAA breach affecting 908 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Health Care Service Corporation (Health Plan, IL) reported a HIPAA breach affecting 2,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Blue Cross and Blue Shield of Oklahoma (Health Plan, IL) reported a HIPAA breach affecting 1,020 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Blue Cross and Blue Shield of Illinois (Health Plan, IL) reported a HIPAA breach affecting 6,903 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
All data sourced from official government enforcement pages.