
Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

Total Actions: 1,285 | Jurisdictions: 14 | Total Fines Tracked: $35.3B+

FTC | Consent Decree

Marriott International, Inc. and Starwood Hotels & Resorts Worldwide LLC (Marriott)

The FTC charged Marriott International and Starwood Hotels with failing to implement reasonable data security, leading to three data breaches affecting over 344 million customers. Under a proposed consent order, the companies must implement a comprehensive information security program, certify compliance annually for 20 years, and provide customers with ways to delete personal information and restore stolen loyalty points.

Low | Security Failure | Data Breach

NY | Enforcement Action | Multistate

TikTok

New York Attorney General Letitia James and California Attorney General Rob Bonta led a bipartisan coalition of 14 attorneys general in filing lawsuits against TikTok on October 8, 2024, alleging the platform harmed children’s mental health through addictive features and violated COPPA by collecting and monetizing data from users under 13 without parental consent. The lawsuits seek to halt TikTok’s harmful practices, impose financial penalties including disgorgement of profits from illegal practices, and secure damages for affected users. TikTok is also accused of misrepresenting the effectiveness of its safety tools and failing to warn users about harms from dangerous viral challenges and beauty filters.

Low | Children's Data | Consent Failure

HHS | Enforcement Action

TheraCom, L.L.C.

TheraCom, L.L.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 9,271 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

CT | Investigation | Multistate

TikTok

Connecticut Attorney General William Tong announced that a coalition of 22 attorneys general is escalating efforts to force TikTok to comply with a multistate investigation into harm to youth mental health. TikTok has failed to fully comply with court orders to preserve evidence and produce documents, impeding the investigation. The coalition is urging a Tennessee court to enforce its orders.

Low

HHS | Enforcement Action

Schneider Regional Medical Center

Schneider Regional Medical Center (Healthcare Provider, ) reported a HIPAA breach affecting 1,570 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

TX | Enforcement Action

TikTok

Texas Attorney General Ken Paxton filed a lawsuit against TikTok for violating the Securing Children Online through Parental Empowerment (SCOPE) Act by sharing minors’ personal identifying information without parental consent and failing to provide parents with tools to manage their children’s account privacy settings. The lawsuit seeks civil penalties of up to $10,000 per violation and injunctive relief to prevent future violations. TikTok is accused of prioritizing profit over the online safety and privacy of Texas children.

Low | Children's Data | Consent Failure | Unauthorized Data Sharing

HHS | Enforcement Action

Texas Spine Consultants, PLLC

Texas Spine Consultants, PLLC (Healthcare Provider, TX) reported a HIPAA breach affecting 8,048 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Jacobsen Construction Co., Inc. Health Plan

Jacobsen Construction Co., Inc. Health Plan (Health Plan, UT) reported a HIPAA breach affecting 2,127 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

FTC | Guidance

Major Social Media and Video Streaming Companies (Amazon, Meta, YouTube, X, Snap, TikTok, Discord, Reddit, WhatsApp) (Major Social Media and Video Streaming Companies)

The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.

Low | Children's Data | Opt-Out Failure | Unauthorized Data Sharing

TX | Settlement

Pieces Technologies

Texas Attorney General Ken Paxton settled with Pieces Technologies for making deceptive claims about the accuracy of its healthcare AI products used in Texas hospitals. The company advertised an error rate of '<1 per 100,000' which was found inaccurate. The settlement requires Pieces to accurately disclose product accuracy and ensure hospital staff understand the limitations.

Low | Notice Failure

HHS | Enforcement Action

Southern Bone & Joint Specialists, PA (“Southern Bone”)

Southern Bone & Joint Specialists, PA (“Southern Bone”) (Healthcare Provider, MS) reported a HIPAA breach affecting 7,162 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Maryville Academy

Maryville Academy (Healthcare Provider, IL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Nationwide Recovery Services, Inc.

Nationwide Recovery Services, Inc. (Business Associate, GA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Welcome Health

Welcome Health (Healthcare Provider, CA) reported a HIPAA breach affecting 597 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

CPPA | Guidance

California Privacy Protection Agency

The California Privacy Protection Agency (CPPA) issued an enforcement advisory clarifying that dark patterns—user interfaces that subvert consumer autonomy in making privacy choices—violate the California Consumer Privacy Act (CCPA). The advisory emphasizes that businesses must present opt-out options clearly and symmetrically, focusing on the effect rather than intent. It directs consumers to report suspected violations and provides resources for businesses to comply.

Low | Dark Patterns

HHS | Enforcement Action

Minnesota Department of Human Services

Minnesota Department of Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 4,329 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

FTC | Settlement

Financial Education Services (FES) d/b/a United Wealth Education, United Credit Education Services, Youth Financial Literacy Foundation

The FTC is distributing over $10.9 million in refunds to 443,048 consumers harmed by Financial Education Services (FES), a credit repair pyramid scheme that defrauded consumers through false promises of credit score fixes and illegal pyramid recruitment. The refunds follow a 2024 settlement with FES and its owners that banned them from fraudulent practices and required turnover of funds for consumer restitution.

Low

HHS | Enforcement Action

CODAC Inc dba CODAC Behavioral Health and CODAC Healthcare, LLC

CODAC Inc dba CODAC Behavioral Health and CODAC Healthcare, LLC (Healthcare Provider, RI) reported a HIPAA breach affecting 9,592 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Blue Cross and Blue Shield of North Carolina

Blue Cross and Blue Shield of North Carolina (Business Associate, NC) reported a HIPAA breach affecting 972 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

CT | Consent Decree | Multistate

Northwell Health, Inc. and Northwell Healthcare, Inc. (collectively “Northwell”) and Nuvance Health (Northwell Health and Nuvance Health)

Connecticut Attorney General William Tong reached an agreement with Northwell Health and Nuvance Health to resolve an antitrust investigation into their proposed affiliation. The agreement preserves labor and delivery services at Sharon Hospital and strengthens healthcare access in Western Connecticut. Northwell committed to maintaining women's health services, investing in IT and cybersecurity, and complying with Connecticut's anti-steering statute for five years.

Low

CT | Enforcement Action | Multistate

RealPage Inc. (RealPage)

Attorney General William Tong, along with the U.S. Department of Justice and eight other state attorneys general, filed a civil antitrust lawsuit against RealPage Inc. for allegedly using its algorithmic pricing software to facilitate price fixing among landlords and monopolize the market for revenue management software. The complaint alleges that RealPage collects competitively sensitive rental data from landlords to train its algorithm, which then recommends prices, harming renters by reducing competition. The lawsuit seeks an injunction to end these practices and restore competition.

Low | Unauthorized Data Sharing | AI/Automated Decisions

FTC | Enforcement Action

IXL Learning, Inc. (IXL Learning)

The Federal Trade Commission filed an amicus brief in a lawsuit where parents sued IXL Learning for allegedly collecting and selling children's data without proper consent. The FTC argued that under COPPA, school district agreements to arbitration do not bind parents. The brief opposes IXL Learning's attempt to compel arbitration.

Low | Children's Data

FL | Investigation | Multistate

Temu

Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.

Low | Unauthorized Data Sharing | Notice Failure | Security Failure

TX | Enforcement Action

General Motors

Texas Attorney General Ken Paxton filed a lawsuit against General Motors for unlawfully collecting private driving data from over 1.5 million Texas drivers without consent and selling the data to third parties including insurance companies. GM allegedly deceived customers into enrolling in products like OnStar Smart Driver by falsely claiming enrollment was required to retain vehicle safety features, while concealing that enrollment authorized systematic collection and sale of detailed driving data. The action follows an investigation launched in June 2024 as part of the Texas AG’s data privacy initiative, and seeks to hold GM accountable for violating state privacy laws.

Low | Consent Failure | Notice Failure | Unauthorized Data Sharing

HHS | Enforcement Action

siParadigm LLC

siParadigm LLC (Healthcare Provider, NJ) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Wayne Memorial Hospital

Wayne Memorial Hospital (Healthcare Provider, GA) reported a HIPAA breach affecting 2,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

FTC | Enforcement Action

TikTok and ByteDance (TikTok)

The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.

Low | Children's Data | Consent Failure | Notice Failure

HHS | Enforcement Action

Calibrated Healthcare, LLC

Calibrated Healthcare, LLC (Business Associate, CA) reported a HIPAA breach affecting 6,890 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

CT | Investigation

EnergyBillCruncher.com (EnergyBillCruncher)

Connecticut Attorney General William Tong announced an investigation into EnergyBillCruncher for making false claims that the government would cover solar installation costs, misusing the state seal, and creating false urgency. The investigation seeks information on the company's ownership, consumer interactions, and partnerships. This is part of broader actions against deceptive solar sales tactics.

Low | Notice Failure | Dark Patterns

HHS | Enforcement Action

Roseland Community Hospital Association

Roseland Community Hospital Association (Healthcare Provider, IL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure
