Court Rules

Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,285

Total Actions

14

Jurisdictions

$35.3B+

Total Fines Tracked

Access this data programmatically:MCP Server API Docs
JurisdictionAllHHSFTCCTCANJTXNYCPPAORFL
ViolationAllData BreachHealth DataSecurity FailureUnauthorized Data SharingNotice FailureConsent FailureChildren's DataOpt-Out FailureData Broker Non-ComplianceDark PatternsGeolocation DataStudent Data
IndustryAllTechnologyGamingEducation TechnologyHealthcareFinancial ServicesSocial MediaAdvertising TechnologyData BrokerTelecommunicationsMedia & Entertainment
RiskAllCriticalHighMediumLow
Showing 43 resultsClear all filters
HHSEnforcement Action

WebTPA Employer Services, LLC (“WebTPA”)

WebTPA Employer Services, LLC (“WebTPA”) (Business Associate, TX) reported a HIPAA breach affecting 2,518,533 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

CriticalData BreachHealth DataSecurity Failure
NYSettlementMultistate

Blackbaud

Blackbaud, a cloud company providing donor management software, experienced a 2020 data breach exposing personal information of millions of donors through its nonprofit customers. A multistate investigation found Blackbaud failed to implement adequate data security and delayed breach notifications. As a result, Blackbaud agreed to pay $49.5 million and overhaul its security practices.

CriticalSecurity FailureBreach Notification Delay

$49.5M

NJSettlementMultistate

Blackbaud

Blackbaud, a software company, experienced a ransomware attack in 2020 that exposed sensitive personal information, including protected health data, due to inadequate security practices and delayed breach notification. A multistate investigation resulted in a $49.5 million settlement, requiring Blackbaud to enhance data security, implement breach response plans, and undergo third-party assessments.

CriticalData BreachSecurity FailureBreach Notification Delay

$49.5M

CTSettlementMultistate

Experian; T-Mobile

Connecticut, as part of a 40-state coalition, secured multistate settlements totaling over $16 million with Experian and T-Mobile related to data breaches in 2012 and 2015 that exposed consumers' personal information. Experian agreed to pay $12.67 million and implement enhanced data security measures, while T-Mobile agreed to pay $2.43 million and strengthen vendor management. Additionally, Experian Data Corp. paid $1 million to resolve a separate 2012 breach investigation, with all entities required to improve data protection practices.

CriticalData BreachSecurity FailureNotice Failure

$16.0M

NJSettlementMultistate

Experian and T-Mobile

New Jersey Attorney General Matthew J. Platkin announced a multistate settlement with Experian and T-Mobile over a 2015 data breach that compromised personal information of over 15 million consumers. The companies will pay over $16 million to states and agree to improve data security and vendor management practices. New Jersey will receive approximately $500,000 from the settlement.

CriticalData BreachSecurity Failure

$16.0M

NJSettlementMultistate

Retrieval-Masters Creditors Bureau d/b/a American Medical Collection Agency(American Medical Collection Agency)

AMCA suffered an eight-month data breach from August 2018 to March 2019, exposing personal information including Social Security numbers, payment card data, and medical test details of over 7 million individuals nationwide, including 246,000 New Jersey residents. The multistate settlement requires AMCA to implement enhanced data security measures and pay $21 million, though payment is suspended due to the company's financial situation.

CriticalSecurity FailureData BreachHealth Data

$21.0M

NJSettlementMultistate

Home Depot

Home Depot settled for $17.5 million over a 2014 data breach that compromised personal information of over 40 million consumers due to inadequate security at self-checkout kiosks. The settlement requires extensive cybersecurity reforms including an information security program, employee training, and encryption. New Jersey receives $579,623 from the multi-state settlement.

CriticalData BreachSecurity Failure

$17.5M

NJSettlementMultistate

Anthem, Inc.(Anthem)

New Jersey Attorney General announced a multi-state settlement with Anthem, Inc. over a 2015 data breach that exposed personal information of over 78 million Americans, including 1.15 million New Jersey residents. Anthem will pay $39.5 million to participating states and implement enhanced cybersecurity measures.

CriticalData BreachSecurity Failure

$39.5M

CASettlementMultistate

Equifax

California Attorney General led a multistate settlement with Equifax for a 2017 data breach that exposed personal information of 147 million consumers due to security failures and delayed disclosure. Equifax must pay $175 million in state penalties, $425 million for consumer restitution, and implement data security enhancements including a comprehensive Information Security Program and credit monitoring for up to ten years.

CriticalData BreachSecurity FailureBreach Notification Delay

$175.0M

CASettlementMultistate

Uber Technologies, Inc.(Uber)

Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.

CriticalData BreachNotice FailureSecurity Failure

$148.0M

NJSettlementMultistate

Uber Technologies, Inc.(Uber)

Uber Technologies, Inc. agreed to pay $148 million to settle a multi-state investigation into a data breach that compromised personal information of riders and drivers. The breach occurred in November 2016 but was not disclosed until November 2017. Uber must adopt new policies to safeguard consumer data.

CriticalData BreachSecurity FailureBreach Notification Delay

$148.0M

NJSettlementMultistate

Target Corp.(Target)

Target Corp. agreed to pay $18.5 million to resolve a multi-state investigation into the November 2013 data breach that compromised payment card information of over 41 million shoppers. The settlement requires Target to implement comprehensive cybersecurity reforms, including a dedicated Information Security Program, encryption, network segmentation, and third-party assessments.

CriticalData BreachSecurity Failure

$18.5M

CASettlementMultistate

Target

Target settled a multi-state enforcement action for a 2013 data breach that exposed payment card information of over 40 million customers due to inadequate security. The $18.5 million settlement requires Target to implement advanced security measures, and California receives over $1.4 million.

CriticalData BreachSecurity Failure

$18.5M

Explore Enforcement Data

By Jurisdiction

HHS Office for Civil Rights554 Federal Trade Commission109 Connecticut Attorney General101 California Attorney General55 New Jersey Attorney General50 Texas Attorney General39 New York Attorney General34 California Privacy Protection Agency19 Oregon Attorney General16 Florida Attorney General12 Massachusetts Attorney General6 Illinois Attorney General3 WA1 Virginia Attorney General1

By Violation Type

Data Breach619 Health Data615 Security Failure583 Unauthorized Data Sharing173 Notice Failure102 Consent Failure89 Children's Data69 Opt-Out Failure42 Data Broker Non-Compliance24 Dark Patterns20 Geolocation Data18 Student Data18

By Industry

TechnologyGamingEducation TechnologyHealthcareFinancial ServicesSocial MediaAdvertising TechnologyData BrokerTelecommunicationsMedia & EntertainmentGovernmentRetailInsuranceOther