1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.
AMERICAN RENAL MANAGEMENT (Business Associate, TN) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton announced a settlement with Multi Media, LLC, operator of Chaturbate, for violating Texas age verification law HB 1181. The company agreed to implement an age verification service on its website to prevent minors from accessing adult content. No monetary penalty was imposed in this settlement.
Therapeutic Health Services (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Empath-Stratum Inc. doing business as Empath Health (Healthcare Provider, FL) reported a HIPAA breach affecting 5,545 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Cumberland Heights Foundation, Inc. (Healthcare Provider, TN) reported a HIPAA breach affecting 5,078 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.
UNC Hospitals (Healthcare Provider, NC) reported a HIPAA breach affecting 3,142 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut, along with the U.S. Department of Justice and 15 other states, has filed a civil antitrust lawsuit against Apple Inc. for monopolizing smartphone markets in violation of the Sherman Act. The complaint alleges Apple engages in anticompetitive conduct such as blocking innovative apps, suppressing cloud streaming services, and limiting interoperability to maintain its monopoly and impose high costs on consumers and developers. The plaintiffs seek equitable relief to restore competition.
The Connecticut Attorney General and Consumer Protection Commissioner announced a public service announcement to warn about illegal, unsafe cannabis edibles that mimic kid-friendly snacks. The agencies highlighted ongoing enforcement actions against retailers selling unregulated delta-8 THC products, with four judgments secured totaling $40,000, and ten pending actions. The PSA aims to protect children from accidental ingestion of potent, untested products.
$40K
Connecticut Attorney General William Tong joined a bipartisan coalition of 41 attorneys general in sending a letter to Meta Platforms, Inc. to address the rising number of Facebook and Instagram account takeovers by scammers. The coalition criticizes Meta's inadequate security measures and calls for improved protections including multi-factor authentication, increased staffing for response, and stronger enforcement against scammers. The letter urges Meta to take immediate action to safeguard user accounts from hijacking and fraud.
A bipartisan coalition of 41 attorneys general, led by Illinois Attorney General Kwame Raoul, sent a letter to Meta Platforms Inc. calling for improved data security practices to protect users from account takeovers by scammers. The coalition cites a dramatic increase in account takeover complaints and urges Meta to increase staffing, implement multi-factor authentication, and take stronger enforcement actions against scammers.
Connecticut Attorney General William Tong announced legislative action to ban 40-year exclusive real estate listing agreements following an investigation into MV Realty that uncovered nearly 400 deceptive contracts. The company targeted lower-income homeowners with small cash payments for long-term liens, imposing steep penalties for cancellation or independent sales, and often failed to provide proper disclosure or copies of agreements.
The Connecticut Office of the Attorney General released a mandated report on the Connecticut Data Privacy Act (CTDPA), detailing over a dozen notices of violation issued to companies across various industries for deficiencies in privacy disclosures and consumer rights mechanisms. The report highlights common compliance failures and reaffirms the AG's commitment to enforcement and education under the state's consumer privacy law.
The California Privacy Protection Agency settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and agree to injunctive terms. This is the fifth enforcement action in a sweep against unregistered data brokers.
$56K
The California Privacy Protection Agency (CPPA) settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and comply with injunctive terms, including covering attorney fees for non-compliance. This is the fifth enforcement action in CPPA's sweep against unregistered data brokers.
$56K
Connecticut officials, including Attorney General William Tong, warned businesses about a scam by CT UCC Statement Service, which charges $90 for free UCC reports. The company's mailings are designed to look like government documents, but reports are available for free at business.ct.gov. Businesses should verify notices and avoid paying fees for free services.
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
The FTC proposed a consent order against Global Tel*Link Corp. for failing to secure sensitive user data, leading to a breach affecting nearly 650,000 consumers, and for delaying notification for about nine months. The order requires the company to implement a comprehensive security program, notify affected users with credit monitoring, and report future breaches promptly.
Marymount Manhattan College suffered a data breach in 2021 affecting 99,097 New Yorkers. The New York Attorney General found that MMC failed to secure its network infrastructure and update security policies. As part of the agreement, MMC must invest $3.5 million over six years to improve data encryption, enable multi-factor authentication, and implement other security measures.
The FTC issued warnings to five tax preparation companies against using or disclosing consumer tax data for unrelated purposes like advertising without explicit consent. The agency cites its penalty offense authority, referencing a previous case against Beneficial Corp, and warns that such practices violate the FTC Act and could incur penalties up to $50,120 per violation. The notices highlight that using tracking technologies for data collection without consent is also prohibited.
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
Attorney General William Tong of Connecticut led a bipartisan coalition of 30 state attorneys general in submitting comments to the Federal Trade Commission. The comments aim to improve collaboration between the FTC and state AGs to prevent and prosecute unfair and deceptive practices, addressing issues raised by the AMG Capital decision that may limit restitution. The coalition emphasizes the importance of joint efforts for national consumer protection.
Attorney General William Tong of Connecticut joined a bipartisan coalition of 44 attorneys general to issue a letter supporting the G.U.A.R.D. VA Benefits Act. The legislation aims to hold unaccredited and unregulated actors accountable for defrauding veterans applying for VA benefits by requiring proper accreditation and imposing penalties, as unaccredited services waste veterans' money and time and may lead to fraud and identity theft.
Attorney General William Tong of Connecticut joined a multistate coalition of 21 attorneys general in filing an amicus brief to defend the federal government's ability to communicate with social media companies about dangerous online content. The coalition opposes a preliminary injunction that prohibits such communications, arguing it undermines public safety efforts and must be overturned. The brief highlights examples of productive dialogue on issues like election security, public health emergencies, and consumer protection.
The FTC and HHS sent warning letters to approximately 130 hospital systems and telehealth providers about the privacy and security risks of using online tracking technologies, such as Meta/Facebook pixel and Google Analytics, which may impermissibly disclose sensitive health information to third parties. The agencies emphasized that such disclosures could violate HIPAA for covered entities and the FTC Act for others, citing recent enforcement actions against companies like BetterHelp and GoodRx.
Connecticut Attorney General William Tong released guidance affirming that state and federal anti-discrimination laws continue to protect LGBTQ+ rights following the U.S. Supreme Court's decision in 303 Creative v. Elenis. The memo explains that the ruling's narrow exception for custom expressive works does not undermine Connecticut's broader public accommodations laws, which prohibit discrimination in marriage, employment, housing, credit, and hate crimes. The AG's office vows to remain vigilant and use enforcement authority to protect LGBTQ+ residents.
The Connecticut Attorney General and FCC warn consumers about increased student loan debt scam robocalls and robotexts following the Supreme Court decision on student loan forgiveness. They provide tips on how to spot scams and advise consumers not to share personal information and to report suspicious calls.
Attorney General William Tong released guidance advising Connecticut consumers of new privacy rights under the Connecticut Data Privacy Act (CTDPA), effective July 1, 2023. The CTDPA grants consumers rights to access, correct, delete, and opt-out of the sale of personal data and targeted advertising. Businesses must comply with these requirements, obtain consent for sensitive data and children's data, and maintain privacy notices.
All data sourced from official government enforcement pages.