1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Community Care Alliance (Healthcare Provider, RI) reported a HIPAA breach affecting 114,975 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a $5 million settlement with Stone Academy and its owners for unfair and deceptive conduct. The defunct for-profit nursing school misrepresented its programs and failed to provide promised education, abruptly closing in February 2023. The settlement provides cash compensation to harmed students and bars the owners from higher education employment.
$5.0M
New York Attorney General Letitia James led a multistate lawsuit against Elon Musk and his Department of Government Efficiency (DOGE) for gaining unauthorized access to the U.S. Treasury's payment system, which contains Americans' sensitive personal data and controls vital funding. A federal judge granted a temporary restraining order blocking DOGE from accessing this data and requiring the destruction of any records already obtained, with a preliminary injunction hearing set for February 14, 2025.
New Jersey Attorney General Matthew J. Platkin joined a coalition of 19 attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the U.S. Treasury Department's central payment system, which contains sensitive personal information such as Social Security numbers and bank details. The lawsuit seeks an injunction to halt this policy and a declaration that it is unlawful and unconstitutional.
Blue & Co., LLC (Business Associate, IN) reported a HIPAA breach affecting 228,999 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VectraRx Mail Pharmacy Services, LLC (Healthcare Provider, AZ) reported a HIPAA breach affecting 109,383 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Escambia Community Clinics, Inc. dba Community Health Northwest Florida (Healthcare Provider, FL) reported a HIPAA breach affecting 143,969 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
University Diagnostic Medical Imaging, PC (Healthcare Provider, NY) reported a HIPAA breach affecting 138,080 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Allegheny Health Network Home Medical Equipment LLC and Allegheny Health Network Home Infusion LLC (Healthcare Provider, PA) reported a HIPAA breach affecting 292,773 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Asheville Eye Associates, PLLC (Healthcare Provider, NC) reported a HIPAA breach affecting 204,984 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The FTC alleged that General Motors and its OnStar subsidiary collected and sold drivers' precise geolocation and driving behavior data (e.g., hard braking, speeding) to consumer reporting agencies without adequately notifying consumers or obtaining their affirmative consent. A proposed consent order bans the companies from disclosing this sensitive data to consumer reporting agencies for five years and requires them to implement clearer consent mechanisms, data access/deletion processes, and opt-out options.
Mid America Physician Services (Healthcare Provider, KS) reported a HIPAA breach affecting 104,513 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong announced a $5 million preliminary settlement with Stone Academy and its owners for unfair and deceptive conduct. The for-profit nursing school failed to deliver promised education, lacking textbooks, experienced teachers, and clinical training, and abruptly closed in February 2023. The settlement provides cash payments to harmed students, bars the owner from higher education employment for five years, and includes measures to help students complete their education.
$5.0M
Newport Harbor Pathology Medical Group, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 119,341 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Medusind Inc. (Business Associate, FL) reported a HIPAA breach affecting 701,475 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Tycon Medical Systems, Inc. (Healthcare Provider, VA) reported a HIPAA breach affecting 112,847 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond University Medical Center (Healthcare Provider, NY) reported a HIPAA breach affecting 674,033 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Regional Care, Inc. (Healthcare Clearing House, NE) reported a HIPAA breach affecting 225,728 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Summit Medical Group, PLLC (Healthcare Provider, TN) reported a HIPAA breach affecting 464,159 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 585,959 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
American Addiction Centers, Inc. (Business Associate, TN) reported a HIPAA breach affecting 410,747 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Tech University Health Sciences Center El Paso (Healthcare Provider, TX) reported a HIPAA breach affecting 815,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Tech University Health Sciences Center (Healthcare Provider, TX) reported a HIPAA breach affecting 650,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rocky Mountain Gastroenterology Associates PLLC (Healthcare Provider, CO) reported a HIPAA breach affecting 366,491 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Great Plains Regional Medical Center (Healthcare Provider, OK) reported a HIPAA breach affecting 133,149 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Rockford Gastroenterology Associates (Healthcare Provider, IL) reported a HIPAA breach affecting 147,253 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
RRCA Accounts Management Inc. (Business Associate, IL) reported a HIPAA breach affecting 115,837 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer, Network Server.
The Connecticut Attorney General obtained a $5 million stipulated judgment against Vision Solar for alleged deceptive sales practices, including high-pressure tactics, misrepresentations, and performing unpermitted work. Although the company is bankrupt and cannot pay, the judgment establishes binding operational standards for solar companies in Connecticut regarding disclosures, contracting, permitting, and use of licensed contractors.
$5.0M
Texas Attorney General Ken Paxton secured a $3.5 million settlement with Marriott International, Inc. following an investigation into a data breach of the company’s reservation database that exposed 131 million U.S. guest records. The breach included sensitive customer information such as contact details, dates of birth, unencrypted passport numbers, and unexpired payment card information. Marriott is required to implement enhanced data security measures, including zero-trust principles and regular security reporting to its CEO, as part of the settlement.
$3.5M
All data sourced from official government enforcement pages.