Court Rules

Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

Total Actions: 1,285 | Jurisdictions: 14 | Total Fines Tracked: $35.3B+

HHS | Enforcement Action

Frilot L.L.C.

Frilot L.L.C. (Business Associate, LA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

FTC | Settlement

Financial Education Services

Consumer fraud enforcement against Financial Education Services for operating a credit repair pyramid scheme that defrauded consumers with false promises of easy credit fixes. The FTC secured a settlement in 2024 requiring $10.9 million in refunds to over 443,000 consumers and permanent bans on the operators.

Low

$10.9M

HHS | Enforcement Action

Sutton Dental Arts

Sutton Dental Arts (Healthcare Provider, OR) reported a HIPAA breach affecting 4,109 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

EMS Department for the Kansas City, Kansas Fire Department

EMS Department for the Kansas City, Kansas Fire Department (Healthcare Provider, KS) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Sun City Pediatrics, PA

Sun City Pediatrics, PA (Healthcare Provider, TX) reported a HIPAA breach affecting 4,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Fairfax Radiological Consultants

Fairfax Radiological Consultants (Healthcare Provider, VA) reported a HIPAA breach affecting 3,512 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

CT | Enforcement Action | Multistate

Change Healthcare

Connecticut Attorney General William Tong urged residents to enroll in free credit monitoring and identity theft protection following the Change Healthcare cyberattack in February 2024, which exposed sensitive health data. The breach potentially impacted up to one-third of Americans, but Change Healthcare has failed to provide individual notice to affected consumers. The AG joined other attorneys general in April 2024 to demand that UnitedHealth Group take more meaningful action to protect those harmed.

Low | Health Data | Data Breach | Breach Notification Delay

HHS | Enforcement Action

School Employees' Benefit Trust

School Employees' Benefit Trust (Health Plan, IN) reported a HIPAA breach affecting 1,371 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Atlanta Perinatal Consultants, LLP

Atlanta Perinatal Consultants, LLP (Healthcare Provider, GA) reported a HIPAA breach affecting 1,508 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Georgia Kidney Associates, Inc.

Georgia Kidney Associates, Inc. (Healthcare Provider, GA) reported a HIPAA breach affecting 9,940 individuals. Breach type: Theft. Location of breached information: Other.

Low | Data Breach | Health Data

TX | Warning Letter

data brokers (Data Brokers)

Texas Attorney General Ken Paxton issued warning letters to over 100 data brokers for failing to register with the Texas Secretary of State as required by the Texas Data Broker Law. The law, which took effect March 1, 2024, mandates that data brokers register and implement data protection safeguards. This enforcement action is part of a new initiative to protect Texans' privacy.

Low | Data Broker Non-Compliance

TX | Warning Letter

Multiple Unnamed Data Broker Companies

Texas Attorney General Ken Paxton issued warning letters to over 100 companies informing them of their apparent failure to register as data brokers with the Texas Secretary of State by the March 1, 2024 deadline required by Chapter 509 of the Texas Business and Commerce Code. The notification follows the establishment of a specialized privacy enforcement team within the AG’s Consumer Protection Division to enforce Texas privacy laws. The letters alert companies to potential penalties for noncompliance with registration and data safeguard requirements under Texas’s Data Broker Law.

Low | Data Broker Non-Compliance

TX | Warning Letter

Multiple Data Brokers (Data Brokers)

Texas Attorney General Ken Paxton sent notification letters to over 100 companies for failing to register as data brokers under Texas Business and Commerce Code Chapter 509, which requires registration by March 1, 2024, and implementation of data safeguards. This action is part of an initiative to enforce privacy laws and protect consumer data.

Low | Data Broker Non-Compliance

HHS | Enforcement Action

ASBESTOS WORKERS LOCAL 42 WELFARE PLAN

ASBESTOS WORKERS LOCAL 42 WELFARE PLAN (Health Plan, GA) reported a HIPAA breach affecting 520 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

IBEW LOCAL 236 WELFARE FUND

IBEW LOCAL 236 WELFARE FUND (Health Plan, CT) reported a HIPAA breach affecting 3,217 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

TX | Investigation

Several Car Manufacturers

Texas Attorney General Ken Paxton initiated an investigation into multiple car manufacturers for allegedly collecting drivers' data without consent and selling it to third parties, including insurance providers. The investigation, authorized under the Texas Deceptive Trade Practices – Consumer Protection Act, requires manufacturers and data purchasers to produce documents related to their data practices and customer disclosures. The AG highlighted concerns about invasive, non-consensual data collection and sale occurring without consumer knowledge.

Low | Consent Failure | Unauthorized Data Sharing | Notice Failure

TX | Investigation

Multiple car manufacturers (Car Manufacturers)

Texas Attorney General Ken Paxton opened an investigation into multiple car manufacturers for collecting and selling driver data to third parties, including insurance companies, without consumers' knowledge or consent. The investigation, conducted under the Texas Deceptive Trade Practices – Consumer Protection Act, seeks documents about data collection practices and disclosures made to customers. The AG's office is concerned about invasive data collection and potential deceptive practices.

Low | Unauthorized Data Sharing | Geolocation Data | Notice Failure

HHS | Enforcement Action

AmerisourceBergen Specialty Group, LLC

AmerisourceBergen Specialty Group, LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 3,102 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

FTC | Consent Decree

Blackbaud Inc. (Blackbaud)

The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.

Low | Security Failure | Data Breach | Notice Failure

HHS | Enforcement Action

Pope & Conner Consulting, Inc.

Pope & Conner Consulting, Inc. (Business Associate, WI) reported a HIPAA breach affecting 1,035 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Kenneth Young Center

Kenneth Young Center (Healthcare Provider, IL) reported a HIPAA breach affecting 6,842 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

FTC | Settlement

InMarket Media (InMarket)

The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.

Low | Notice Failure | Consent Failure | Geolocation Data

HHS | Enforcement Action

AMERICAN RENAL MANAGEMENT

AMERICAN RENAL MANAGEMENT (Business Associate, TN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

TX | Settlement

Multi Media, LLC (Multi Media)

Texas Attorney General Ken Paxton announced a settlement with Multi Media, LLC, operator of Chaturbate, for violating Texas age verification law HB 1181. The company agreed to implement an age verification service on its website to prevent minors from accessing adult content. No monetary penalty was imposed in this settlement.

Low | Children's Data

HHS | Enforcement Action

Empath-Stratum Inc. doing business as Empath Health

Empath-Stratum Inc. doing business as Empath Health (Healthcare Provider, FL) reported a HIPAA breach affecting 5,545 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Therapeutic Health Services

Therapeutic Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Cumberland Heights Foundation, Inc.

Cumberland Heights Foundation, Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 5,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

FTC | Settlement

X-Mode Social and Outlogic (X-Mode)

The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.

Low | Geolocation Data | Unauthorized Data Sharing | Data Broker Non-Compliance

HHS | Enforcement Action

UNC Hospitals

UNC Hospitals (Healthcare Provider, NC) reported a HIPAA breach affecting 3,142 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

CT | Enforcement Action | Multistate

Apple Inc. (Apple)

Connecticut, along with the U.S. Department of Justice and 15 other states, has filed a civil antitrust lawsuit against Apple Inc. for monopolizing smartphone markets in violation of the Sherman Act. The complaint alleges Apple engages in anticompetitive conduct such as blocking innovative apps, suppressing cloud streaming services, and limiting interoperability to maintain its monopoly and impose high costs on consumers and developers. The plaintiffs seek equitable relief to restore competition.

Low
