1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Home Depot settled for $17.5 million over a 2014 data breach that compromised personal information of over 40 million consumers due to inadequate security at self-checkout kiosks. The settlement requires extensive cybersecurity reforms including an information security program, employee training, and encryption. New Jersey receives $579,623 from the multi-state settlement.
$17.5M
The FTC settled with Zoom for deceiving users about its encryption security and unfairly installing software that bypassed browser safeguards. Zoom must implement a comprehensive security program, undergo biennial audits, and is banned from making false security claims. No monetary penalty was imposed.
Wakefern Food Corp. and associated ShopRite entities settled allegations that they improperly disposed of electronic devices containing protected health information, potentially exposing the data of over 9,700 New Jersey residents. They agreed to pay $235,000 and implement comprehensive data security measures including appointing privacy officers and providing training.
$235K
New Jersey Attorney General settled with Community Health Systems, Inc. over a 2014 data breach affecting 6.1 million patients, including over 45,000 New Jersey residents. CHS will pay $5 million to 28 states and implement enhanced data security measures to protect personal and health information.
$5.0M
California Attorney General Xavier Becerra announced an $8.69 million settlement with health insurer Anthem, Inc. resolving allegations that the company violated state and federal privacy laws by failing to protect patient personal data in a 2014 data breach. The breach, announced in 2015, exposed personal information of 78 million consumers nationwide, including 13.5 million Californians, due to Anthem’s inadequate information security practices. The settlement includes injunctive terms requiring Anthem to overhaul its information security program to address vulnerabilities that enabled the breach.
$8.7M
New Jersey Attorney General announced a multi-state settlement with Anthem, Inc. over a 2015 data breach that exposed personal information of over 78 million Americans, including 1.15 million New Jersey residents. Anthem will pay $39.5 million to participating states and implement enhanced cybersecurity measures.
$39.5M
California Attorney General Xavier Becerra announced a settlement with Glow, Inc., operator of a fertility-tracking mobile app, over privacy and security failures that risked exposing millions of users’ sensitive personal and medical information. The settlement includes a $250,000 civil penalty and injunctive terms requiring Glow to implement privacy and security design principles, obtain affirmative user consent for data sharing, and allow users to revoke consent. Glow was alleged to have failed to safeguard health information, allowed unauthorized access to user data, and maintained flawed password reset functions that could enable third-party access without consent.
$250K
California Attorney General Xavier Becerra, leading a multistate coalition of all 50 states, the District of Columbia, and Puerto Rico, announced a settlement with Equifax over a 2017 data breach that exposed personal information of 147 million consumers, including 15 million Californians. The breach resulted from Equifax’s failure to apply a critical software patch and implement adequate security measures, with disclosure delayed for months after discovery. Equifax will pay $175 million in state penalties, up to $425 million in consumer restitution, and implement enhanced data security measures and ten years of free credit monitoring for affected consumers.
$175.0M
Premera Blue Cross suffered a data breach in 2014 that exposed personal and medical information of 10.5 million consumers. As part of a multistate settlement, Premera agreed to pay $10 million in civil penalties and implement security improvements and a compliance program. California will receive over $1 million from the settlement.
$10.0M
Neiman Marcus settled a multi-state investigation over a 2013 data breach that compromised payment card data of approximately 370,000 consumers nationwide, including 17,000 in New Jersey. The company agreed to pay $1.5 million and implement enhanced cybersecurity measures such as PCI compliance, network monitoring, and regular security assessments.
$1.5M
EmblemHealth, Inc. settled with the New Jersey Attorney General over a 2016 data breach where Medicare Health Insurance Claim Numbers (containing Social Security numbers) were improperly disclosed on mailing labels to over 81,000 customers, including 6,443 in New Jersey. The company agreed to pay a $100,000 civil penalty and implement compliance reforms including ceasing use of HICNs with SSNs, enhancing employee training, and notifying the state of future breaches.
$100K
ATA Consulting LLC, operating as Best Medical Transcription, settled for $200,000 over a 2016 server misconfiguration that publicly exposed health records of up to 1,654 patients. The settlement includes civil penalties and permanently bars the owner from operating a business in New Jersey. The breach violated HIPAA and the New Jersey Consumer Fraud Act due to inadequate security and failure to promptly notify affected individuals.
$200K
Uber Technologies, Inc. agreed to pay $148 million to settle a multi-state investigation into a data breach that compromised personal information of riders and drivers. The breach occurred in November 2016 but was not disclosed until November 2017. Uber must adopt new policies to safeguard consumer data.
$148.0M
Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.
$148.0M
Lightyear Dealer Technologies (DealerBuilt) settled an investigation into a 2016 data breach where a misconfigured file system exposed personal data, including social security numbers and bank information, of thousands of auto dealership customers nationwide. The settlement includes an $80,784 payment (with $20,000 suspended) and mandatory cybersecurity reforms.
$49K
Unixiz, Inc. agreed to shut down its i-Dressup teen social website and pay $98,618 in civil penalties to settle allegations that it violated COPPA by collecting personal information from over 2,500 New Jersey children without parental consent and failed to safeguard user data, leading to a 2016 data breach affecting more than 24,000 New Jersey residents.
$99K
Virtua Medical Group agreed to pay $417,816 and implement a corrective action plan to settle allegations that it failed to properly secure electronic protected health information (ePHI). A vendor's server misconfiguration publicly exposed the medical records of over 1,650 patients via Google searches. The New Jersey Division of Consumer Affairs found VMG violated HIPAA's Security and Privacy Rules by not adequately vetting the vendor's security and failing to conduct proper risk analysis.
$418K
Cottage Health System experienced two data breaches exposing medical information of over 50,000 patients due to inadequate security measures. The settlement requires a $2 million penalty and upgrades to security practices, including designating a Chief Privacy Officer.
$2.0M
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
Nationwide Insurance settled a multi-state investigation into a 2012 data breach that exposed personal information of 1.27 million consumers due to failure to apply a security patch. The settlement requires enhanced security practices, hiring a Technology Officer, and a $5.5 million payment to the states.
$5.5M
Target settled a multi-state enforcement action for a 2013 data breach that exposed payment card information of over 40 million customers due to inadequate security. The $18.5 million settlement requires Target to implement advanced security measures, and California receives over $1.4 million.
$18.5M
Target Corp. agreed to pay $18.5 million to resolve a multi-state investigation into the November 2013 data breach that compromised payment card information of over 41 million shoppers. The settlement requires Target to implement comprehensive cybersecurity reforms, including a dedicated Information Security Program, encryption, network segmentation, and third-party assessments.
$18.5M
Horizon Blue Cross Blue Shield of New Jersey agreed to pay $926,803 in civil penalties and implement a corrective action plan to settle allegations that it failed to encrypt laptops containing protected health information, violating HIPAA/HITECH and the New Jersey Consumer Fraud Act.
$927K
The New Jersey Attorney General and FTC settled with app developer Equiliv Investments and Ryan Ramminger for distributing the Prized app that contained malware to mine cryptocurrency without user consent. The settlement prohibits such activities, requires record-keeping for 20 years, and imposes a $5,200 penalty with an additional $44,800 suspended.
$5K
The California Attorney General filed a complaint against Kaiser Foundation Health Plan, Inc. for improperly disposing of patient medical records containing protected health information. The records, including diagnoses and lab results, were found discarded at a recycling facility, violating patient privacy. The action alleges breaches of the California Confidentiality of Medical Information Act.
In 2013, the California Attorney General filed a complaint against Citibank, N.A. alleging that the bank failed to implement adequate security measures and did not properly notify customers about a data breach exposing personal and financial information. The complaint asserts violations of California's data breach notification law.
All data sourced from official government enforcement pages.