1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Apex Custom Software (Business Associate, TX) reported a HIPAA breach affecting 1,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Holdrege Memorial Homes, Inc. (Healthcare Provider, NE) reported a HIPAA breach affecting 1,446 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Treatment Solutions (Healthcare Provider, NJ) reported a HIPAA breach affecting 950 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a coordinated multi-state enforcement action against the sale of bootleg, flavored disposable e-cigarettes. Civil investigative demands were served on 12 Connecticut smoke shops, convenience stores, and two wholesalers for selling illegally imported, non-FDA authorized nicotine products designed to appeal to youth. Nine other states announced parallel investigations or litigation targeting distributors and retailers of these products.
The FTC settled charges against GoDaddy for failing to implement adequate data security measures for its web hosting services, which led to multiple breaches and misled customers about its security protections. The proposed order requires GoDaddy to establish a comprehensive information security program and hire an independent assessor for regular reviews.
Texas Attorney General Ken Paxton defended House Bill 1181 at the U.S. Supreme Court, which requires online pornography sites to verify users' ages to protect children from harmful content. The law was challenged by pornography distributors, but Texas won at the Fifth Circuit and is now defending its constitutionality. Texas has also sued Aylo Global Entertainment for non-compliance, leading to Pornhub's shutdown in Texas.
The FTC finalized an order banning Mobilewalla Inc. from selling sensitive location data after alleging the company sold such data without verifying consumer consent. The order prohibits Mobilewalla from collecting data from ad exchanges for non-auction purposes, misrepresenting data practices, and using location data from sensitive locations like health clinics and places of worship.
The FTC finalized an order against IntelliVision Technologies Corp. for making deceptive claims about its facial recognition software's accuracy and lack of bias. The company must now back up any claims with competent testing and is prohibited from misrepresenting the software's performance. No monetary penalty was imposed.
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
Samaritan Counseling Center of the Fox Valley (Healthcare Provider, WI) reported a HIPAA breach affecting 956 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton filed a lawsuit against TikTok for deceptively promoting its app as safe for children despite the prevalence of inappropriate and explicit content. The action alleges violations of the SCOPE Act, which protects children's online privacy, and follows a previous lawsuit regarding data privacy issues.
BayMark Health Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 3,170 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The U.S. Department of Justice and ten states filed an amended complaint against six major landlords for using algorithmic pricing and sharing competitively sensitive information to suppress competition and raise rents. Cortland Management LLC agreed to a consent decree requiring it to cease these practices, cooperate with the investigation, and submit to court-monitored oversight. The landlords collectively manage over 1.3 million rental units across the United States.
Eastern Idaho Public Health (Healthcare Provider, ID) reported a HIPAA breach affecting 759 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
North Los Angeles County Regional Center (Business Associate, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
DentaQuest (Health Plan, WI) reported a HIPAA breach affecting 868 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Ingham County Medical Care Facility, d/b/a Dobie Road (Healthcare Provider, MI) reported a HIPAA breach affecting 3,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Attorney General William Tong announced that starting January 1, 2025, businesses covered by the Connecticut Data Privacy Act must honor global opt-out preference signals, allowing consumers to opt out of targeted advertising and data sales via tools like Global Privacy Control. The advisory explains requirements, notes exemptions for HIPAA-covered entities, and provides resources for compliance.
Omaha Surgical Center (Healthcare Provider, NE) reported a HIPAA breach affecting 1,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Dragonfly Health (Business Associate, AZ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Polaris Endeavors (Healthcare Provider, FL) reported a HIPAA breach affecting 4,552 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Khalil Foundation (DBA Khalil Center) (Healthcare Provider, IL) reported a HIPAA breach affecting 1,153 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The FTC finalized an order against Marriott International and Starwood Hotels for failing to implement reasonable data security, which led to three data breaches affecting over 344 million customers. The companies must implement a comprehensive security program, delete unnecessary personal information, allow U.S. customers to request deletion, and restore stolen loyalty points. They are also prohibited from misrepresenting their data security practices.
Effortless Office Enterprises, LLC (Business Associate, NV) reported a HIPAA breach affecting 3,112 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
HealthEquity, Inc. (Business Associate, UT) reported a HIPAA breach affecting 1,549 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CPPA) settled with two data brokers, PayDae, Inc. (Infillion) and The Data Group, LLC, for failing to register as required by Senate Bill 362 (the Delete Act). Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms to ensure future compliance with registration requirements.
California Correctional Health Care Services (Healthcare Provider, CA) reported a HIPAA breach affecting 1,416 individuals. Breach type: Loss. Location of breached information: Paper/Films.
Kitsap Mental Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton launched investigations into Character.AI and 14 other companies, including Reddit, Instagram, and Discord, over potential violations of children’s privacy and safety laws. The investigations focus on compliance with the SCOPE Act and Texas Data Privacy and Security Act (TDPSA), which require parental consent for sharing minors’ data and mandate notice and consent requirements for children’s personal information. No fines or remedies have been imposed as the investigations are ongoing.
Connecticut Attorney General William Tong announced a multistate coalition of 16 attorneys general to use civil enforcement against irresponsible members of the firearms industry. The coalition will enforce state consumer protection and liability laws to reduce gun violence, with past actions including lawsuits against Glock for machine gun conversions and ghost gun dealers.
All data sourced from official government enforcement pages.