1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Lena Pope Home Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 3,523 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Baylor Scott & White Texas Spine & Joint Hospital (Healthcare Provider, TX) reported a HIPAA breach affecting 1,640 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Columbia Eye Clinic (Healthcare Provider, SC) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Topy America Inc. (Health Plan, KY) reported a HIPAA breach affecting 1,827 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Welts, White, & Fontaine PC (Business Associate, NH) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James filed a lawsuit against National General and Allstate Insurance Company for two data breaches in 2020 and 2021 that exposed the driver’s license numbers of over 165,000 New York residents. The AG alleges National General failed to implement reasonable data security measures, did not notify consumers or state agencies of the first breach, and left systems vulnerable to a second larger breach after Allstate took over data security operations. The AG is seeking monetary penalties and an injunction to prevent further violations.
New York Attorney General Letitia James filed a lawsuit against National General Holdings Corp and Allstate Insurance Company for failing to protect personal information and notify consumers of data breaches. The breaches exposed driver's license numbers of over 165,000 New Yorkers due to poor cybersecurity. The AG is seeking monetary penalties and an injunction.
SCLARC (Business Associate, CA) reported a HIPAA breach affecting 722 individuals. Breach type: Theft. Location of breached information: Laptop, Other Portable Electronic Device, Paper/Films.
Madison County, MS (Health Plan, MS) reported a HIPAA breach affecting 6,082 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Manchester Rehabilitation and Healthcare Center (Healthcare Provider, CT) reported a HIPAA breach affecting 5,415 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
East Hawaii Rehab, Inc. DBA Lehua Physical Therapy and Rehab (Healthcare Provider, HI) reported a HIPAA breach affecting 8,472 individuals. Breach type: Theft. Location of breached information: Other, Other Portable Electronic Device, Paper/Films.
Kronick Moskovitz Tiedemann & Girard (Business Associate, CA) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Palmetto Operating LLC d/b/a Palmetto Subacute Care Center (‘Palmetto’) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,746 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The California Privacy Protection Agency settled with data broker Background Alert, Inc. for failing to register and pay fees under the Delete Act. The company must shut down its operations through 2028 or face a $50,000 fine. This action is part of a broader enforcement sweep against non-compliant data brokers.
New York Attorney General Letitia James led a 19-state coalition to secure a preliminary injunction blocking the Trump administration from granting Elon Musk and the Department of Government Efficiency (DOGE) unauthorized access to the Treasury Department’s central payment system and Americans’ sensitive personal information, including Social Security numbers and bank account details. A prior temporary restraining order required immediate destruction of all records already obtained by DOGE and Musk. The lawsuit remains ongoing to permanently prevent unauthorized access to private consumer data.
The California Privacy Protection Agency (CPPA) filed an administrative action against Jerico Pictures, Inc., doing business as National Public Data, for failing to register and pay the required annual fee under the California Delete Act. The action seeks a $46,000 fine for the company's 230-day late registration, as part of CPPA's enforcement sweep against data brokers.
$46K
The California Privacy Protection Agency (CPPA) filed an administrative action against National Public Data, a Florida-based data broker, for failing to register and pay the required annual fee under California's Delete Act. The agency is seeking a $46,000 fine for the violation, which occurred 230 days late, as part of an enforcement sweep targeting non-compliant data brokers.
$46K
Consultants in Pain Medicine (Healthcare Provider, TX) reported a HIPAA breach affecting 1,124 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spring Management OK, LLC (Business Associate, OK) reported a HIPAA breach affecting 2,494 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
Children's Dental Center at Preston Trail, P.C. d/b/a Park Place Pediatric Dentistry (Arlington, TX) (Healthcare Provider, TN) reported a HIPAA breach affecting 1,690 individuals. Breach type: Theft. Location of breached information: Laptop.
Cornerstones of Care (Healthcare Provider, MO) reported a HIPAA breach affecting 2,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut filed a statement of interest in the bankruptcy of Prospect Medical Holdings, alleging years of mismanagement that harmed patients and led to a ransomware attack compromising the data of 212,369 residents. The state seeks to ensure a responsible transition of hospitals and hold Prospect accountable for its misconduct.
Connecticut Attorney General William Tong announced proposed legislation to protect minors from addictive social media features. The bill would prohibit exposing minors to harmful algorithms without parental consent, set default usage limits and notification restrictions, and require annual reporting by social media companies. This follows ongoing legal actions against Meta and TikTok for youth addiction concerns.
Columbus Division of Fire (Healthcare Provider, OH) reported a HIPAA breach affecting 736 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
CPS Solutions, LLC (Business Associate, OH) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
New York Attorney General Letitia James led a coalition of 18 other state attorneys general in suing the Trump administration and Department of Government Efficiency (DOGE) to stop unauthorized access to Americans' sensitive personal data held in U.S. Treasury payment systems. A federal judge granted a temporary restraining order blocking DOGE from accessing the data and requiring immediate destruction of any copies already obtained. A hearing on a motion for preliminary injunction is scheduled for February 14, 2025.
New York Attorney General Letitia James led a coalition of 11 other attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the Treasury Department’s central payment system, exposing Social Security numbers, bank account information, and other private data of tens of millions of Americans. A federal judge granted a temporary restraining order on February 8, 2025, blocking access and ordering destruction of all obtained records, with the coalition seeking a preliminary injunction to continue the bar on unauthorized access.
New York Attorney General Letitia James led a coalition of 19 state attorneys general in filing a lawsuit against the Trump administration and U.S. Department of the Treasury over unauthorized access to Americans’ sensitive personal data. The lawsuit alleges the Treasury Department illegally granted Elon Musk and the Department of Government Efficiency (DOGE) access to its central payment system containing bank account details, Social Security numbers, and other private information, violating federal law and the U.S. Constitution. The coalition seeks an injunction to halt the policy and a declaration that the access expansion is unlawful and unconstitutional.
New York Attorney General Letitia James led a coalition of 19 states in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE access to the Treasury's payment system, exposing Americans' sensitive personal information. The lawsuit seeks an injunction to halt this policy and a declaration that it is unlawful and unconstitutional.
All data sourced from official government enforcement pages.