1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Guardian Analytics, Inc. and Actimize, Inc. settled with the Connecticut Attorney General over a data breach affecting 157,629 Connecticut residents. The breach, from November 2022 to January 2023, exposed personal information due to security failures. The settlement includes a $500,000 penalty and mandatory cybersecurity improvements.
$500K
Summit Pathology and Summit Pathology Laboratories, Inc. (Healthcare Provider, CO) reported a HIPAA breach affecting 1,813,538 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Clay Platte Family Medicine (Healthcare Provider, MO) reported a HIPAA breach affecting 53,916 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
RRCA Accounts Management Inc. (Business Associate, IL) reported a HIPAA breach affecting 115,837 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer, Network Server.
Detroit Wayne Integrated Health Network (Healthcare Provider, MI) reported a HIPAA breach affecting 3,347 individuals. Breach type: Hacking/IT Incident. Location of breached information: Laptop.
Advanced Recovery Equipment & Supplies, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 56,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Valleygate Dental Surgery Centers of Charlotte, Fayetteville, and the West, LLC. (Healthcare Provider, NC) reported a HIPAA breach affecting 14,589 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wilmington Community Clinic (Healthcare Provider, CA) reported a HIPAA breach affecting 11,601 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A multistate coalition of 50 attorneys general, including New Jersey, reached a $52 million settlement with Marriott International, Inc. for two data breaches that exposed personal information of over 131 million consumers. The breaches resulted from inadequate cybersecurity practices at Starwood and Marriott networks. The settlement mandates comprehensive security improvements and monetary penalties.
$52.0M
The FTC charged Marriott International and Starwood Hotels with failing to implement reasonable data security, leading to three data breaches affecting over 344 million customers. Under a proposed consent order, the companies must implement a comprehensive information security program, certify compliance annually for 20 years, and provide customers with ways to delete personal information and restore stolen loyalty points.
A multistate coalition of 50 attorneys general led by New York AG Letitia James reached a $52 million settlement with Marriott International, Inc. over a 2014-2018 data breach of its Starwood subsidiary’s guest reservation database that exposed 131.5 million consumers’ personal information. The breach, which went undetected for four years, compromised contact details, dates of birth, passport numbers, payment card information, and loyalty program data. Marriott is required to overhaul its data security practices, implement new compliance measures, and allow customers to delete their stored data as part of the settlement.
$52.0M
A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.
$52.0M
Texas Attorney General Ken Paxton secured a $3.5 million settlement with Marriott International, Inc. following an investigation into a data breach of the company’s reservation database that exposed 131 million U.S. guest records. The breach included sensitive customer information such as contact details, dates of birth, unencrypted passport numbers, and unexpired payment card information. Marriott is required to implement enhanced data security measures, including zero-trust principles and regular security reporting to its CEO, as part of the settlement.
$3.5M
TheraCom, L.L.C. (Healthcare Provider, PA) reported a HIPAA breach affecting 9,271 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Schneider Regional Medical Center (Healthcare Provider, ) reported a HIPAA breach affecting 1,570 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Ciox Health LLC, d/b/a Datavant Group (Business Associate, AZ) reported a HIPAA breach affecting 320,702 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
ATSG, Inc (Business Associate, NY) reported a HIPAA breach affecting 909,469 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dr. Daniel J. Leeman, M.D. (Healthcare Provider, TX) reported a HIPAA breach affecting 50,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Omni Family Health (Healthcare Provider, CA) reported a HIPAA breach affecting 468,344 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Spine Consultants, PLLC (Healthcare Provider, TX) reported a HIPAA breach affecting 8,048 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Asheville Arthritis and Osteoporosis Center, P.A. (Healthcare Provider, NC) reported a HIPAA breach affecting 58,251 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jacobsen Construction Co., Inc. Health Plan (Health Plan, UT) reported a HIPAA breach affecting 2,127 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Muskogee City County Enhanced 911 Trust Authority (Business Associate, OK) reported a HIPAA breach affecting 180,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Southern Bone & Joint Specialists, PA (“Southern Bone”) (Healthcare Provider, MS) reported a HIPAA breach affecting 7,162 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maryville Academy (Healthcare Provider, IL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 32,120 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Nationwide Recovery Services, Inc. (Business Associate, GA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Welcome Health (Healthcare Provider, CA) reported a HIPAA breach affecting 597 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
EngageMED, Inc (Business Associate, AR) reported a HIPAA breach affecting 249,297 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Minnesota Department of Human Services (Healthcare Provider, MN) reported a HIPAA breach affecting 4,329 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
All data sourced from official government enforcement pages.