1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Aprendamos Intervention Team, P.A. (Healthcare Provider, NM) reported a HIPAA breach affecting 1,916 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Inlet Health dba Communicare (Healthcare Provider, KY) reported a HIPAA breach affecting 3,771 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Apex Custom Software (Business Associate, TX) reported a HIPAA breach affecting 1,500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
University Diagnostic Medical Imaging, PC (Healthcare Provider, NY) reported a HIPAA breach affecting 138,080 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Holdrege Memorial Homes, Inc. (Healthcare Provider, NE) reported a HIPAA breach affecting 1,446 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC settled with Cognosphere LLC, developer of Genshin Impact, for violating COPPA by collecting personal information from children without parental consent and for deceptive practices regarding in-game loot box purchases. The company will pay $20 million in penalties and is banned from selling loot boxes to children under 16 without verifiable parental consent.
$20.0M
Asheville Eye Associates, PLLC (Healthcare Provider, NC) reported a HIPAA breach affecting 204,984 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC settled with Cognosphere, the developer of Genshin Impact, for violating COPPA by collecting children's data without parental consent and for using deceptive loot box practices that misled players about costs and odds. Cognosphere will pay a $20 million fine, be banned from selling loot boxes to teens under 16 without parental consent, and must implement various transparency and data deletion measures.
$20.0M
Allegheny Health Network Home Medical Equipment LLC and Allegheny Health Network Home Infusion LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 292,773 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Behavioral Health Resources (Healthcare Provider, WA) reported a HIPAA breach affecting 49,213 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Alpine Ears, Nose & Throat, P.L.L.C. (Healthcare Provider, CO) reported a HIPAA breach affecting 65,648 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Community Treatment Solutions (Healthcare Provider, NJ) reported a HIPAA breach affecting 950 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a coordinated multi-state enforcement action against the sale of bootleg, flavored disposable e-cigarettes. Civil investigative demands were served on 12 Connecticut smoke shops, convenience stores, and two wholesalers for selling illegally imported, non-FDA authorized nicotine products designed to appeal to youth. Nine other states announced parallel investigations or litigation targeting distributors and retailers of these products.
The FTC alleged that General Motors and its OnStar subsidiary collected and sold drivers' precise geolocation and driving behavior data (e.g., hard braking, speeding) to consumer reporting agencies without adequately notifying consumers or obtaining their affirmative consent. A proposed consent order bans the companies from disclosing this sensitive data to consumer reporting agencies for five years and requires them to implement clearer consent mechanisms, data access/deletion processes, and opt-out options.
The FTC settled charges against GoDaddy for failing to implement adequate data security measures for its web hosting services, which led to multiple breaches and misled customers about its security protections. The proposed order requires GoDaddy to establish a comprehensive information security program and hire an independent assessor for regular reviews.
Texas Attorney General Ken Paxton defended House Bill 1181 at the U.S. Supreme Court, which requires online pornography sites to verify users' ages to protect children from harmful content. The law was challenged by pornography distributors, but Texas won at the Fifth Circuit and is now defending its constitutionality. Texas has also sued Aylo Global Entertainment for non-compliance, leading to Pornhub's shutdown in Texas.
The FTC finalized an order banning Mobilewalla Inc. from selling sensitive location data after alleging the company sold such data without verifying consumer consent. The order prohibits Mobilewalla from collecting data from ad exchanges for non-auction purposes, misrepresenting data practices, and using location data from sensitive locations like health clinics and places of worship.
Connecticut Attorney General William Tong announced a $1.5 million settlement with Carvana to resolve hundreds of consumer complaints about delays in title and registration, delayed payments to sellers, and deceptive vehicle representations. The settlement includes a $1 million restitution fund for affected consumers and a $500,000 penalty to the state, with $250,000 suspended if Carvana complies. Carvana must comply with Connecticut laws and improve customer service.
$500K
New York Attorney General Letitia James announced a settlement with Equifax Information Services, LLC for inaccurately reporting credit scores to lenders due to a coding error, which lowered consumers' scores and inflated costs for loans and insurance between March and April 2022. Equifax will pay $725,000 and implement safeguards to prevent future errors, with restitution for affected consumers.
$725K
The FTC finalized an order against IntelliVision Technologies Corp. for making deceptive claims about its facial recognition software's accuracy and lack of bias. The company must now back up any claims with competent testing and is prohibited from misrepresenting the software's performance. No monetary penalty was imposed.
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
Mid America Physician Services (Healthcare Provider, KS) reported a HIPAA breach affecting 104,513 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Samaritan Counseling Center of the Fox Valley (Healthcare Provider, WI) reported a HIPAA breach affecting 956 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut Attorney General William Tong announced a $5 million preliminary settlement with Stone Academy and its owners for unfair and deceptive conduct. The for-profit nursing school failed to deliver promised education, lacking textbooks, experienced teachers, and clinical training, and abruptly closed in February 2023. The settlement provides cash payments to harmed students, bars the owner from higher education employment for five years, and includes measures to help students complete their education.
$5.0M
Newport Harbor Pathology Medical Group, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 119,341 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit against TikTok for deceptively promoting its app as safe for children despite the prevalence of inappropriate and explicit content. The action alleges violations of the SCOPE Act, which protects children's online privacy, and follows a previous lawsuit regarding data privacy issues.
BayMark Health Services, Inc. (Business Associate, TX) reported a HIPAA breach affecting 3,170 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The U.S. Department of Justice and ten states filed an amended complaint against six major landlords for using algorithmic pricing and sharing competitively sensitive information to suppress competition and raise rents. Cortland Management LLC agreed to a consent decree requiring it to cease these practices, cooperate with the investigation, and submit to court-monitored oversight. The landlords collectively manage over 1.3 million rental units across the United States.
Eastern Idaho Public Health (Healthcare Provider, ID) reported a HIPAA breach affecting 759 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Medusind Inc. (Business Associate, FL) reported a HIPAA breach affecting 701,475 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.