1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Connecticut Attorney General William Tong announced a $20,000 settlement with EnergyBillCruncher.com for misleading solar marketing tactics, including false claims about government coverage, misuse of the state seal, and false urgency in social media ads. The company must cease these practices and notify its solar installer partners.
$20K
The Connecticut Attorney General obtained a $5 million stipulated judgment against Vision Solar for alleged deceptive sales practices, including high-pressure tactics, misrepresentations, and performing unpermitted work. Although the company is bankrupt and cannot pay, the judgment establishes binding operational standards for solar companies in Connecticut regarding disclosures, contracting, permitting, and use of licensed contractors.
$5.0M
The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.
Texas Attorney General Ken Paxton settled with Pieces Technologies for making deceptive claims about the accuracy of its healthcare AI products used in Texas hospitals. The company advertised an error rate of '<1 per 100,000' which was found inaccurate. The settlement requires Pieces to accurately disclose product accuracy and ensure hospital staff understand the limitations.
Consumer fraud case where the FTC settled with Invitation Homes for deceiving renters with undisclosed fees and unlawful charges, including hidden fees and unfair security deposit withholdings. The company must pay over $47.2 million in refunds to affected consumers and change its leasing practices.
$48.0M
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.
Texas Attorney General Ken Paxton filed a lawsuit against General Motors for unlawfully collecting private driving data from over 1.5 million Texas drivers without consent and selling the data to third parties including insurance companies. GM allegedly deceived customers into enrolling in products like OnStar Smart Driver by falsely claiming enrollment was required to retain vehicle safety features, while concealing that enrollment authorized systematic collection and sale of detailed driving data. The action follows an investigation launched in June 2024 as part of the Texas AG’s data privacy initiative, and seeks to hold GM accountable for violating state privacy laws.
Connecticut Attorney General William Tong announced an investigation into EnergyBillCruncher for making false claims that the government would cover solar installation costs, misusing the state seal, and creating false urgency. The investigation seeks information on the company's ownership, consumer interactions, and partnerships. This is part of broader actions against deceptive solar sales tactics.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
Texas Attorney General Ken Paxton secured a $1.4 billion settlement with Meta over the company’s decade-long unauthorized capture of Texans’ facial geometry via its Tag Suggestions feature, which used facial recognition software without providing notice or obtaining informed consent. The practices violated Texas’s Capture or Use of Biometric Identifier Act (CUBI) and Deceptive Trade Practices Act, as Meta automatically enabled the feature for all Texans without explaining its functionality or seeking permission. This is the largest privacy settlement ever obtained by a single state attorney general, with Meta required to pay the penalty over five years and cease the unlawful biometric data practices.
$1.4B
California Attorney General Rob Bonta and Los Angeles City Attorney Hydee Feldstein Soto announced a $500,000 settlement with Tilting Point Media LLC over allegations that the company violated COPPA and the CCPA by illegally collecting and sharing children’s personal data without parental consent via its 'SpongeBob: Krusty Cook-Off' mobile game. The settlement requires Tilting Point to pay $500,000 in civil penalties and comply with injunctive terms including implementing neutral age screens, obtaining parental consent for children’s data collection/sharing, and maintaining an SDK governance framework. Tilting Point must also submit annual compliance reports to the California DOJ and LA City Attorney’s Office.
$500K
The FTC finalized an order against Avast for selling consumers' web browsing data for advertising after promising privacy protection. Avast must pay $16.5 million, is banned from selling such data, must delete collected data, obtain consent, notify consumers, and implement a privacy program.
$16.5M
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
Texas Attorney General Ken Paxton opened an investigation into multiple car manufacturers for collecting and selling driver data to third parties, including insurance companies, without consumers' knowledge or consent. The investigation, conducted under the Texas Deceptive Trade Practices – Consumer Protection Act, seeks documents about data collection practices and disclosures made to customers. The AG's office is concerned about invasive data collection and potential deceptive practices.
Texas Attorney General Ken Paxton initiated an investigation into multiple car manufacturers for allegedly collecting drivers' data without consent and selling it to third parties, including insurance providers. The investigation, authorized under the Texas Deceptive Trade Practices – Consumer Protection Act, requires manufacturers and data purchasers to produce documents related to their data practices and customer disclosures. The AG highlighted concerns about invasive, non-consensual data collection and sale occurring without consumer knowledge.
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
Connecticut Attorney General William Tong filed a lawsuit against Altice for charging unlawful 'Network Enhancement Fees' and failing to adequately disclose internet speed limits. The complaint seeks to stop the fees, recover millions for consumers, and address deceptive marketing practices including language barriers.
The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.
The FTC settled with telehealth firm Cerebral, Inc. for sharing sensitive consumer mental health data with third parties like LinkedIn, Snapchat, and TikTok for advertising without proper consent, employing sloppy security practices, and misleading consumers about cancellation policies. Cerebral must pay over $7 million (with $2 million due upfront), is permanently banned from using health information for most advertising, must implement a comprehensive privacy program, delete unnecessary data, and provide easy cancellation.
$7.0M
California Attorney General Rob Bonta announced a settlement with DoorDash resolving allegations that the company violated the CCPA and CalOPPA by selling California consumers' personal information to a marketing cooperative without required notice or an opt-out mechanism. DoorDash disclosed consumers' names, addresses, and transaction histories to the cooperative, failing to disclose this practice in its privacy policy as required by CalOPPA. The settlement requires DoorDash to pay a $375,000 civil penalty and comply with injunctive terms including vendor contract reviews and annual reporting to the AG.
$375K
Bumble Inc. agreed to pay $315,000 and update its disclosures to settle allegations that it misrepresented its criminal background screening policies to New Jersey users, violating the New Jersey Consumer Fraud Act and Internet Dating Safety Act. The settlement requires Bumble to clearly disclose its screening practices and safety limitations on its dating platforms.
$315K
The FTC settled with Avast for deceiving customers by claiming its antivirus software blocked tracking while secretly collecting and selling browsing data. Avast must pay $16.5 million in refunds and is banned from such practices. The FTC is now processing claims for affected consumers.
$16.5M
The Connecticut Office of the Attorney General released a mandated report on the Connecticut Data Privacy Act (CTDPA), detailing over a dozen notices of violation issued to companies across various industries for deficiencies in privacy disclosures and consumer rights mechanisms. The report highlights common compliance failures and reaffirms the AG's commitment to enforcement and education under the state's consumer privacy law.
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
Connecticut Attorney General William Tong expanded the complaint against Stone Academy, alleging its owners siphoned millions for personal luxury while students were denied promised education and clinical training. Revenues surged during the pandemic, but exam pass rates fell and students lacked textbooks and qualified teachers. The AG seeks civil penalties, restitution, and a receiver to protect assets for student relief.
The FTC and CFPB settled with Trans Union LLC and its subsidiary for violating the Fair Credit Reporting Act by including inaccurate and incomplete eviction records in tenant screening reports, harming consumers' ability to obtain housing. The settlement requires Trans Union to pay $15 million, with $11 million for consumer compensation and $4 million as a civil penalty, and to implement measures to ensure report accuracy and disclose data sources.
$15.0M
California Attorney General Rob Bonta announced a $93 million settlement with Google resolving allegations that the company violated state consumer protection laws through deceptive location-privacy practices. Google was accused of falsely telling users that turning off the “Location History” setting would stop location data collection, while continuing to collect and use location data for user profiling and targeted advertising without informed consent. In addition to the monetary penalty, Google must implement several injunctive measures to increase transparency and user control over location tracking.
$93.0M
The FTC settled with background report providers TruthFinder and Instant Checkmate, charging they deceived consumers about the accuracy of their reports (often mischaracterizing traffic tickets as criminal records) and violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies without following its requirements, including ensuring accuracy and limiting permissible purposes. The companies will pay a $5.8 million penalty and implement a comprehensive FCRA compliance monitoring program.
$5.8M
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
All data sourced from official government enforcement pages.