1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
HopeHealth, Inc. (Healthcare Provider, SC) reported a HIPAA breach affecting 5,823 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Union County Children and Youth Services (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CVS Caremark (Business Associate, RI) reported a HIPAA breach affecting 2,599 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Washington Gastroenterology (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Cross Blue Shield of Texas (Business Associate, IL) reported a HIPAA breach affecting 593 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
The California Privacy Protection Agency ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under the Delete Act. The order was issued by default after the company did not contest the allegations, highlighting CPPA's enforcement of data broker registration requirements.
$46K
The California Privacy Protection Agency (CPPA) ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under California's Delete Act. The order was issued by default after the company did not contest the allegations. This enforcement action highlights the CPPA's efforts to ensure data broker compliance with registration laws.
$46K
Allied Services Division Welfare Fund (Health Plan, IL) reported a HIPAA breach affecting 5,727 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton issued a 30-day compliance notice to TP-Link, Alibaba, CapCut, and other CCP-affiliated Chinese companies for violating the Texas Data Privacy and Security Act (TDPSA). The companies are accused of failing to disclose consumer data processing activities, allow opt-out of data collection, and enable consumer data deletion as required by Texas law. If the companies do not comply within 30 days, the Attorney General's office will pursue additional legal action.
The Carpenter Health Network (Healthcare Provider, LA) reported a HIPAA breach affecting 878 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton has issued notices to several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA's requirements to disclose data processing, allow opt-outs, and enable data deletion within 30 days, or face further legal action.
Texas Attorney General Ken Paxton announced legal action against several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies have been given 30 days to comply with requirements to disclose data processing, allow consumers to opt out of data collection, and enable data deletion. Failure to comply will result in further legal action to protect Texans' privacy rights and prevent data from being accessed by the Chinese Communist Party.
Texas Attorney General Ken Paxton has notified several Chinese companies, including TP-Link, Alibaba, and CapCut, that they are violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA requirements to disclose data processing, allow consumer opt-outs, and enable data deletion within 30 days. Failure to comply will result in further legal action.
SunLink Health Systems, Inc. (Healthcare Provider, GA) reported a HIPAA breach affecting 2,856 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Minnesota Orthodontics and Dentofacial Orthopedics, P.A. (Healthcare Provider, MN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Monongalia Health System, Inc. (Healthcare Provider, WV) reported a HIPAA breach affecting 4,895 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
CardioVascular Health Clinic (Healthcare Provider, OK) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DermCare Management (Business Associate, FL) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Berkeley Research Group, LLC (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Canby Clinic (Healthcare Provider, OR) reported a HIPAA breach affecting 549 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Physician Wound Solutions, LLC dba Apollo Medical Supply (Healthcare Provider, FL) reported a HIPAA breach affecting 3,561 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Carlton County Public Health and Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 3,502 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maximus, Inc. (Business Associate, VA) reported a HIPAA breach affecting 4,955 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Palo Verde Hospital (Healthcare Provider, CA) reported a HIPAA breach affecting 594 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Brainard Surgery Center LLC (Healthcare Provider, OH) reported a HIPAA breach affecting 1,820 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Icon Family Healthcare LLC (Healthcare Provider, CA) reported a HIPAA breach affecting 1,800 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Florida Attorney General James Uthmeier filed a lawsuit against Snap, Inc., operator of Snapchat, for violating Florida’s HB3 child social media protection law and the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The suit alleges Snap knowingly allowed children under 13 to create accounts, failed to obtain parental consent for 14-15 year old users, deployed addictive dark pattern design features to children, and deceived parents about platform risks including predator access, drug sales, and harmful content. The legal action seeks to hold Snap accountable for noncompliance with Florida child safety and privacy laws.
Texas Attorney General Ken Paxton filed a motion to appoint a Consumer Privacy Ombudsman in the Chapter 11 bankruptcy case of 23andMe to protect the sensitive genetic and personal data of Texans. The genetic testing company seeks to sell assets that may include genetic data, health information, and personally identifiable information. The AG's office is also informing Texans of their rights under Texas law to request deletion of their data and genetic samples.
90 Degree Benefits, Inc. – St. Paul (Business Associate, WI) reported a HIPAA breach affecting 1,268 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Connecticut Office of the Attorney General released an updated enforcement report on the Connecticut Data Privacy Act (CTDPA) for 2024, summarizing investigations into companies handling connected vehicles, genetic data, palm recognition, teen messaging apps, and facial recognition. The report outlines expanded enforcement priorities around opt-out practices and dark patterns, and includes legislative recommendations to strengthen the CTDPA.
All data sourced from official government enforcement pages.