1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
PhyNet Dermatology, LLC (Business Associate, TN) reported a HIPAA breach affecting 1,308 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The Center at Cordera (Healthcare Provider, CO) reported a HIPAA breach affecting 6,057 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CPPA) ordered Accurate Append, Inc. to pay a $55,400 fine for failing to register as a data broker under the Delete Act by the January 31, 2024 deadline. The company registered only after being contacted during an enforcement sweep and agreed to injunctive terms, including paying attorney fees for future non-compliance.
$55K
Compass Counseling Services, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 5,440 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The New Jersey Division of Consumer Affairs sent warning letters to over 3,000 auto dealerships reminding them of the state's data deletion law, which requires dealerships to offer to delete personal data from vehicles when accepting them for resale or lease. Failure to comply can result in fines of $500 for first offenses and $1,000 for subsequent offenses, aimed at preventing unauthorized access to sensitive consumer information stored in vehicle infotainment systems.
New York Attorney General Letitia James joined a multistate coalition of 21 attorneys general and Kentucky in filing a lawsuit against the U.S. Department of Agriculture (USDA) challenging its illegal demand for personally identifiable information of over 40 million SNAP recipients. The coalition alleges the USDA’s requirement that states turn over SNAP recipients’ Social Security numbers, addresses, and immigration statuses violates federal and state laws prohibiting disclosure of SNAP data for non-program purposes, and that the data will be shared across federal agencies for unauthorized immigration enforcement. The coalition seeks a declaratory judgment declaring the policy illegal and a nationwide injunction preventing enforcement of the data demand.
Connecticut Attorney General William Tong filed a lawsuit against MAKECTBETTER LLC and individuals for operating a fraudulent scheme selling fake cannabis licenses. The defendants forged state documents and charged businesses up to $50,000 for non-existent licenses. The AG is seeking a $2.5 million prejudgment remedy to freeze the defendants' assets.
$2.5M
New York Attorney General Letitia James, joined by 20 other states and Kentucky, filed a lawsuit challenging the Trump administration's policy requiring states to disclose personal information of SNAP recipients to federal agencies. The policy violates privacy laws by demanding sensitive data like Social Security numbers for potential immigration enforcement. The coalition seeks a court injunction to stop the illegal data sharing.
Massachusetts Attorney General Andrea Campbell, joined by a coalition of 21 states and Kentucky, filed a lawsuit challenging the U.S. Department of Agriculture's demand that states turn over sensitive personal data of SNAP recipients. The lawsuit argues that this demand violates federal privacy laws and the Spending Clause, threatening the privacy of millions of low-income families and coercing states by threatening funding cuts.
New Jersey Attorney General Matthew J. Platkin joined a coalition of 20 attorneys general in filing a lawsuit against the U.S. Department of Agriculture (USDA) for demanding that states turn over sensitive personal information of SNAP recipients, including Social Security numbers and addresses. The lawsuit argues that this demand violates federal privacy laws and the Constitution, as the data is protected and should only be used for program administration. The coalition seeks to block USDA from conditioning SNAP funding on compliance with this demand.
Doctors’ Memorial Hospital (Healthcare Provider, FL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Northwest Denture Center, Inc. (Healthcare Provider, WA) reported a HIPAA breach affecting 19,419 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Nova Recovery Center, LLC d/b/a Nova Recovery Center (Healthcare Provider, TX) reported a HIPAA breach affecting 6,242 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
McKenzie Memorial Hospital (Healthcare Provider, MI) reported a HIPAA breach affecting 58,839 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Gastroenterology Consultants of South Texas (Healthcare Provider, TX) reported a HIPAA breach affecting 44,579 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Blue Shield of California (Health Plan, CA) reported a HIPAA breach affecting 783 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Laptop, Network Server, Other.
Kettering Adventist Healthcare (Healthcare Provider, OH) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton secured a record-setting $1.4 billion settlement with Meta for unlawfully capturing and using the biometric data of millions of Texans, marking one of the largest privacy settlements in U.S. history.
$1.4B
Dr. Michael Bilikas and Associates d.b.a. 32 Pearls (Healthcare Provider, WA) reported a HIPAA breach affecting 23,517 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton announced a comprehensive privacy enforcement initiative, achieving record settlements with Meta ($1.4B) and Google ($1.375B) for biometric and geolocation data violations, suing General Motors and TikTok, and investigating numerous companies for children's data and AI practices. The AG's office has enforced multiple Texas privacy laws and registered over 200 data brokers.
$2.8B
OrthoAtlanta LLC (Business Associate, GA) reported a HIPAA breach affecting 626 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Infinite Services, Inc. (Healthcare Provider, NY) reported a HIPAA breach affecting 31,742 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Equilibria Mental Health Services (Healthcare Provider, PA) reported a HIPAA breach affecting 3,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Keys Pathology Associates, PA (Healthcare Provider, FL) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The Brien Center for Mental Health and Substance Abuse Services (Healthcare Provider, MA) reported a HIPAA breach affecting 5,427 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Human Development Services of Westchester (Healthcare Provider, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Oregon Specialty Group (Healthcare Provider, OR) reported a HIPAA breach affecting 3,337 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Self Regional Healthcare (Healthcare Provider, SC) reported a HIPAA breach affecting 26,696 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General settled with Capulet Entertainment over the failed Capulet Fest 2024, which was abruptly relocated and partially cancelled, leaving ticketholders without refunds. The settlement provides up to $50,000 in consumer refunds and imposes future requirements including performance bonds and contractor commitments.
Mid South Rehab Services Inc. (Healthcare Provider, MS) reported a HIPAA breach affecting 1,316 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.