1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
El Paso Healthcare System, Ltd. d/b/a Las Palmas Del Sol Healthcare (Healthcare Provider, TX) reported a HIPAA breach affecting 1,854 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
River Region Cardiology (Healthcare Provider, AL) reported a HIPAA breach affecting 48,600 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Community Connections (Healthcare Provider, DC) reported a HIPAA breach affecting 18,949 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James secured a $550,000 settlement from Hudson Valley health care operator HealthAlliance over a 2023 data breach that compromised the personal and medical information of 242,641 New Yorkers. The breach occurred after HealthAlliance failed to patch a known vulnerability in its web application system, allowing cyberattackers to exfiltrate patient and employee data. As part of the settlement, HealthAlliance must pay the penalty and implement enhanced cybersecurity measures including a comprehensive security program, patch management policy, and data inventory requirements.
$550K
The FTC took action against Gravy Analytics Inc. and Venntel Inc. for unlawfully tracking and selling sensitive consumer location data without consent. The proposed consent order prohibits the sale or use of sensitive location data, requires deletion of historic data, and mandates compliance programs. This is part of the FTC's series of actions against data brokers selling sensitive location data.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 585,959 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Texas Tech University Health Sciences Center (Healthcare Provider, TX) reported a HIPAA breach affecting 650,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne Harris settled with auto insurers GEICO and Travelers for $11.3 million combined over data breaches that exposed over 120,000 New Yorkers’ personal information, including driver’s license numbers and dates of birth. The breaches stemmed from insufficient data security controls, allowing hackers to steal information and file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including comprehensive information security programs, data inventories, and improved access controls.
$11.3M
Conceptions Reproductive Associates of Colorado (Healthcare Provider, CO) reported a HIPAA breach affecting 80,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Tech University Health Sciences Center El Paso (Healthcare Provider, TX) reported a HIPAA breach affecting 815,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
American Addiction Centers, Inc. (Business Associate, TN) reported a HIPAA breach affecting 410,747 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
GEICO and Travelers were fined $11.3 million for data breaches that exposed personal information of over 120,000 New Yorkers due to inadequate cybersecurity. The breaches involved driver's license numbers being stolen and used in fraudulent unemployment claims. The settlements mandate enhanced security measures and penalties.
$11.3M
Citadel of Northbrook (Healthcare Provider, IL) reported a HIPAA breach affecting 2,155 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Connecticut Attorney General William Tong sent a letter to Sephora regarding the marketing of anti-aging skincare products with harmful ingredients like retinol and acids to children and teens on social media. The AG seeks information on product placements in searches for kids and warning practices, cautioning parents about potential skin harm from these products.
Lubbock County Hospital District (Healthcare Provider, TX) reported a HIPAA breach affecting 1,461,776 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
East Central Missouri Behavioral Health Services, Inc. (Healthcare Provider, MO) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Laboratory Services Cooperative (Healthcare Provider, WA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
York County (Healthcare Provider, PA) reported a HIPAA breach affecting 841 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
AuthoraCare Collective (Healthcare Provider, NC) reported a HIPAA breach affecting 57,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Terrace of Hialeah (Healthcare Provider, FL) reported a HIPAA breach affecting 1,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Dolton Nursing & Rehab, LLC (Healthcare Provider, IL) reported a HIPAA breach affecting 1,559 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
HealthFund Solutions, LLC (Business Associate, FL) reported a HIPAA breach affecting 5,198 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Maternal Fetal Medicine Associates, PLLC, Carnegie Hill Imaging for Women, and Carnegie Women’s Health (collectively, “the Practices”) (Healthcare Provider, NY) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ASPEN HEALTHCARE SERVICES INC (Healthcare Provider, TX) reported a HIPAA breach affecting 7,195 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
ESHA, Inc. (Business Associate, TX) reported a HIPAA breach affecting 76,922 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New York Attorney General Letitia James reached a $250,000 settlement with National Amusements, Inc. after an investigation found the movie theater operator failed to implement adequate data security, leading to a breach exposing personal information of over 23,000 New York employees. The company also violated the New York Shield Act by delaying notification to affected individuals for more than a year after the breach. As part of the settlement, National Amusements must pay the penalty and implement enhanced cybersecurity measures including encryption, password policies, and an incident response plan.
$250K
Physicians' Primary Care of Southwest Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rocky Mountain Gastroenterology Associates PLLC (Healthcare Provider, CO) reported a HIPAA breach affecting 366,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.