
Privacy Enforcement Tracker

1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.

1,285 total actions | 14 jurisdictions | $35.3B+ total fines tracked

CT | Settlement

Charter Communications and Cox Communications (Charter Communications, Cox Communications)

The Connecticut Attorney General and Consumer Counsel secured a settlement requiring Charter Communications to adhere to consumer protection commitments as it acquires Cox Communications. The agreement, pending PURA approval, includes pricing transparency, service reliability improvements, a $3 million digital access investment, and compliance with the Connecticut Data Privacy Act. It also maintains a Connecticut workforce and office, and prevents cost pass-through to customers.

Low

CT | Settlement

Charter

The Connecticut Attorney General and Consumer Counsel announced a settlement with Charter Communications regarding its proposed acquisition of Cox Communications. The settlement includes consumer protections such as billing transparency, service reliability improvements, a $3 million digital access investment, and other commitments. It is pending approval by the Public Utilities Regulatory Authority.

Low

CA | Investigation

Businesses with significant online presence in the retail, grocery, and hotel sectors (Retail, Grocery, and Hotel Businesses)

California Attorney General Rob Bonta announced an investigative sweep targeting businesses that use surveillance pricing, which involves setting individualized prices based on consumer data. The Department of Justice is sending information request letters to companies in the retail, grocery, and hotel sectors to assess compliance with the CCPA's purpose limitation principle. This action seeks to ensure that consumers are not charged different prices without proper disclosure and that businesses adhere to privacy laws.

Low | Surveillance Pricing | AI/Automated Decisions

HHS | Enforcement Action

WindRose Health Network

WindRose Health Network (Healthcare Provider, IN) reported a HIPAA breach affecting 691 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

NY | Warning Letter | Multistate

xAI

A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.

Low | Consent Failure | Children's Data | Unauthorized Data Sharing

OR | Enforcement Action

Ryan Tong

Consumer protection case involving charity fraud. A former Orangetheory Fitness instructor pleaded guilty to stealing charitable donations collected during workout classes between 2021 and 2024. He diverted over $24,000 intended for charities to his personal Venmo account to fund his cocaine habit. The Oregon DOJ and Multnomah County DA's Office pursued criminal charges and civil claims to secure restitution and prevent future charitable sector involvement.

Low

HHS | Enforcement Action

Precipio, Inc.

Precipio, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

True RCM, a Rapid Care Transcription, Inc., Company

True RCM, a Rapid Care Transcription, Inc., Company (Business Associate, MD) reported a HIPAA breach affecting 1,247 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

AdventHealth Daytona Beach

AdventHealth Daytona Beach (Healthcare Provider, FL) reported a HIPAA breach affecting 821 individuals. Breach type: Loss. Location of breached information: Paper/Films.

Low | Data Breach | Health Data

HHS | Enforcement Action

Middlesex Sheriff's Office

Middlesex Sheriff's Office (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Benton County Health

Benton County Health (Healthcare Provider, OR) reported a HIPAA breach affecting 1,476 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

CA | Enforcement Action | Multistate

U.S. Department of Justice

California Attorney General Rob Bonta joined a multistate coalition in filing an amicus brief opposing the U.S. Department of Justice's subpoena for patient records from University of Pittsburgh Medical Center related to gender-affirming care. The brief argues that the subpoena violates patient privacy, infringes on states' rights to regulate medicine, and exceeds DOJ's statutory authority.

Low | Health Data | Children's Data

CA | Enforcement Action | Multistate

U.S. Department of Health and Human Services (Department of Health and Human Services)

California Attorney General Rob Bonta, alongside attorneys general from New York, Colorado, Illinois, and Minnesota, filed a motion for preliminary injunction to continue blocking the Trump Administration's unlawful freeze of $10 billion in federal funding for child care and family assistance programs and to prevent broad data requests for personally identifiable information of millions of residents. The funding freeze targets five Democratic-led states without evidence of fraud, and the data requests are part of the challenged unlawful actions. A temporary restraining order was previously granted blocking these measures.

Low | Unauthorized Data Sharing

HHS | Enforcement Action

Central Texas MHMR Center dba Center for Life Resource

Central Texas MHMR Center dba Center for Life Resource (Healthcare Provider, TX) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Superior Care Plus LLC d/b/a Supportive Home Health LLC

Superior Care Plus LLC d/b/a Supportive Home Health LLC (Healthcare Provider, OH) reported a HIPAA breach affecting 1,415 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Administrators of the Tulane Educational Fund d/b/a Tulane University Medical Group

Administrators of the Tulane Educational Fund d/b/a Tulane University Medical Group (Healthcare Provider, LA) reported a HIPAA breach affecting 6,556 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

HHS | Enforcement Action

Southern Immediate Care, LLC

Southern Immediate Care, LLC (Healthcare Provider, AL) reported a HIPAA breach affecting 7,447 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

CA | Investigation

xAI

California Attorney General Rob Bonta announced an investigation into xAI for its Grok AI model generating nonconsensual sexual images of women and children, including child sexual abuse material. The AG expressed deep concern and zero tolerance, urging immediate action to prevent further

Low | Children's Data | Consent Failure

HHS | Enforcement Action

Florence County Commission on Alcohol & Drug Abuse – dba Circle Park Behavioral Health Services (“Circle Park”)

Florence County Commission on Alcohol & Drug Abuse – dba Circle Park Behavioral Health Services (“Circle Park”) (Healthcare Provider, SC) reported a HIPAA breach affecting 7,020 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.

Low | Data Breach | Health Data | Security Failure

FTC | Consent Decree

General Motors LLC, General Motors Holdings LLC, and OnStar, LLC (General Motors)

Privacy enforcement action where the FTC settled with General Motors and OnStar for collecting and selling consumers' geolocation and driving behavior data without adequate notice or consent. The order prohibits sharing data with consumer reporting agencies and requires transparency and consumer choice measures.

Low | Geolocation Data | Consent Failure | Unauthorized Data Sharing

FTC | Enforcement Action

JustAnswer LLC (JustAnswer)

Consumer fraud case where the FTC sued JustAnswer LLC for deceiving consumers into enrolling in a costly recurring monthly subscription by falsely claiming low one-time fees. The company did not obtain affirmative consent or clearly disclose subscription terms, violating ROSCA and the FTC Act. The FTC seeks an injunction, consumer refunds, and civil penalties.

Low | Consent Failure | Notice Failure

HHS | Enforcement Action

TMG Health, Inc.

TMG Health, Inc. (Business Associate, TX) reported a HIPAA breach affecting 2,076 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.

Low | Data Breach | Health Data | Unauthorized Data Sharing

HHS | Enforcement Action

FullBeauty Brands, Inc. Associate Benefits Plan

FullBeauty Brands, Inc. Associate Benefits Plan (Health Plan, NY) reported a HIPAA breach affecting 4,725 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

FTC | Investigation

Sports agents (Sports Agents)

Consumer fraud investigation where the FTC is seeking information from 20 universities about whether sports agents are complying with the Sports Agent Responsibility and Trust Act (SPARTA), which requires disclosures to student athletes and notification to schools. The inquiry aims to ensure student athletes are protected from deceptive practices by agents.

Low | Notice Failure

HHS | Enforcement Action

The Center for Neuropsychology and Learning, PC

The Center for Neuropsychology and Learning, PC (Healthcare Provider, MI) reported a HIPAA breach affecting 3,722 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

MA | Enforcement Action | Multistate

Trump Administration

Massachusetts Attorney General Andrea Campbell filed a motion to enforce a preliminary injunction against the Trump Administration's demands for personal data of SNAP recipients. The court previously blocked such demands, but the administration renewed its request, threatening to withhold funding. The AG seeks to ensure compliance with federal privacy laws and protect SNAP recipients' sensitive information.

Low | Unauthorized Data Sharing | Children's Data

NY | Investigation

Instacart

New York Attorney General Letitia James sent a letter to Instacart demanding information about its use of algorithmic pricing, after a study found users were charged up to 23% more for identical products. The AG warned that Instacart’s pricing disclosures are non-compliant with New York’s Algorithmic Pricing Disclosure Act, which requires prominent notices near product prices when personal data is used to set prices. Instacart must provide details on its pricing experiments, automated tools, and compliance efforts with the state’s disclosure requirements.

Low | Surveillance Pricing | Notice Failure

HHS | Enforcement Action

ABKSW PREFERRED HEALTH PARTNERS, PLLC d/b/a NORTH TEXAS PREFERRED HEALTH PARTNERS

ABKSW PREFERRED HEALTH PARTNERS, PLLC d/b/a NORTH TEXAS PREFERRED HEALTH PARTNERS (Healthcare Provider, TX) reported a HIPAA breach affecting 2,074 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure

OR | Investigation

Federal Law Enforcement Agencies (Federal Agents)

Civil rights investigation by the Oregon Attorney General into an incident where federal agents shot two people in Portland, examining whether officers acted outside lawful authority and addressing concerns about a pattern of excessive force.

Low | Security Failure

HHS | Enforcement Action

Devereux Foundation

Devereux Foundation (Healthcare Provider, PA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.

Low | Data Breach | Health Data | Security Failure
