1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Northwest Asthma and Allergy Center (Healthcare Provider, WA) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
El Paso Healthcare System, Ltd. d/b/a Las Palmas Del Sol Healthcare (Healthcare Provider, TX) reported a HIPAA breach affecting 1,854 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The FTC took action against Gravy Analytics Inc. and Venntel Inc. for unlawfully tracking and selling sensitive consumer location data without consent. The proposed consent order prohibits the sale or use of sensitive location data, requires deletion of historic data, and mandates compliance programs. This is part of the FTC's series of actions against data brokers selling sensitive location data.
Citadel of Northbrook (Healthcare Provider, IL) reported a HIPAA breach affecting 2,155 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Connecticut Attorney General William Tong sent a letter to Sephora regarding the marketing of anti-aging skincare products with harmful ingredients like retinol and acids to children and teens on social media. The AG seeks information on product placements in searches for kids and warning practices, cautioning parents about potential skin harm from these products.
Laboratory Services Cooperative (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York County (Healthcare Provider, PA) reported a HIPAA breach affecting 841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Terrace of Hialeah (Healthcare Provider, FL) reported a HIPAA breach affecting 1,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dolton Nursing & Rehab, LLC (Healthcare Provider, IL) reported a HIPAA breach affecting 1,559 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
HealthFund Solutions, LLC (Business Associate, FL) reported a HIPAA breach affecting 5,198 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maternal Fetal Medicine Associates, PLLC, Carnegie Hill Imaging for Women, and Carnegie Women’s Health (collectively, “the Practices”) (Healthcare Provider, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ASPEN HEALTHCARE SERVICES INC (Healthcare Provider, TX) reported a HIPAA breach affecting 7,195 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Physicians' Primary Care of Southwest Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Humboldt Independent Practice Association (Humboldt IPA) (Healthcare Provider, CA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
United Seating and Mobility, LLC dba Numotion (Healthcare Provider, TN) reported a HIPAA breach affecting 2,319 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The California Privacy Protection Agency (CPPA) settled with data brokers Growbots, Inc. and UpLead LLC for failing to register and pay annual fees under the California Delete Act. Growbots paid $35,400 and UpLead paid $34,400, and both agreed to injunctive terms including payment of attorney fees for non-compliance. This action enforces the Delete Act's requirements for data broker transparency and consumer privacy.
$70K
Mid-Minnesota Management Services d/b/a Central Resources (Business Associate, IL) reported a HIPAA breach affecting 1,232 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Huron Inc. Health Plan (Health Plan, MI) reported a HIPAA breach affecting 750 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Mohawk Valley Cardiology, P.C. (Healthcare Provider, NY) reported a HIPAA breach affecting 4,973 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Northeast Professional Home Care, Inc. (Healthcare Provider, OH) reported a HIPAA breach affecting 648 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Brain & Eye Connection Vision Clinic, PC (Healthcare Provider, OK) reported a HIPAA breach affecting 2,207 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency (CPPA) announced an investigative sweep to enforce data broker registration compliance under the Delete Act. Data brokers must register annually and pay fees, with penalties of $200 per day for non-compliance. The CPPA will take enforcement actions against unregistered data brokers and is developing a consumer deletion platform (DROP) for 2026.
Connecticut Attorney General William Tong announced a $65,000 settlement with Hilario Truck Center and Hilario’s Service Center for illegally collecting junk fees such as PPE fees, administrative fees, and fuel surcharges during police-ordered tows. The settlement requires the companies to pay $10,000 to the state and provide refunds to eligible consumers who paid these unauthorized fees between 2019 and 2024.
$65K
Northeast Spine and Sports Medicine, LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 6,300 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mystic Valley Elder Services - Business Associate (Business Associate, MA) reported a HIPAA breach affecting 2,402 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Detroit Wayne Integrated Health Network (Healthcare Provider, MI) reported a HIPAA breach affecting 3,347 individuals. Breach type: Hacking/IT Incident. Location of breached information: Laptop.
Jacksonville Children's Multispecialty Clinics/Atlantic Medical Management (Healthcare Provider, NC) reported a HIPAA breach affecting 2,224 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Connecticut Attorney General William Tong announced a $20,000 settlement with EnergyBillCruncher.com for misleading solar marketing tactics, including false claims about government coverage, misuse of the state seal, and false urgency in social media ads. The company must cease these practices and notify its solar installer partners.
$20K
Ad Valorem Records, Inc. (Business Associate, TN) reported a HIPAA breach affecting 590 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
All data sourced from official government enforcement pages.