1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
New Jersey is co-leading a nationwide investigation into whether Instagram and its parent company Meta Platforms, Inc. are violating state consumer protection laws by employing techniques that induce children, teenagers, and young adults to use the platform in potentially harmful ways. The bipartisan coalition of attorneys general is examining the potential mental and physical health harms resulting from extended engagement, including depression, anxiety, and body image issues.
Command Marketing Innovations, LLC and Strategic Content Imaging, LLC settled allegations that they violated the New Jersey Consumer Fraud Act and HIPAA by failing to safeguard protected health information, exposing the data of 55,715 New Jersey residents. The companies agreed to pay $130,000 in penalties and implement comprehensive security measures, including appointing security officers and providing employee training.
$130K
Attorney General William Tong issued a public warning about unregulated and illegal cannabis edibles sold in packaging that mimics popular snack foods, posing significant risks to children through accidental THC overdose. The AG highlighted the dangers of these look-alike products and urged reporting, while noting that legal cannabis sales in Connecticut will enforce strict packaging standards.
The FTC released a staff report based on Section 6(b) orders to six major ISPs, finding they collect extensive personal data, including internet traffic and location data, and share it with third parties. The ISPs often obscure data use disclosures in fine print and make it difficult for consumers to opt out, while combining data to profile sensitive characteristics. The report highlights the need for stricter privacy restrictions.
Connecticut Attorney General William Tong led a coalition of 14 attorneys general in demanding that Facebook disclose whether members of the 'Disinformation Dozen' were granted XCheck protections, which allow users to bypass enforcement rules. The coalition seeks information on the extent of anti-vaccine content from whitelisted users and complaint outcomes.
The New Jersey Attorney General settled with Diamond Institute for Infertility and Menopause, LLC, following a data breach that exposed the electronic protected health information (ePHI) of 14,663 patients. The investigation found the clinic failed to implement required HIPAA Security Rule safeguards, including risk assessments, encryption, and access controls. The $495,000 settlement includes civil penalties and requires the clinic to implement a comprehensive information security program and corrective actions.
$495K
Connecticut Attorney General William Tong requested a meeting with TikTok leadership to address the harmful impact of viral challenges like 'Devious Licks' and 'Slap a Teacher' on student and educator safety. The AG criticized TikTok's enforcement of its terms of service and urged reforms to prevent the spread of dangerous content.
Attorney General William Tong released an update on the implementation of the Anti-Robocall Principles signed in 2019. Telecom companies have identified over 52 billion spam calls and blocked 32.5 billion, but robocalls continue to cause significant financial losses. Enforcement actions have increased with thousands of tracebacks and investigations.
A caseworker with the New Jersey Division of Child Protection and Permanency was charged with criminal offenses for allegedly accessing and disclosing confidential DCF database records without authorization. The charges include Computer Theft and Unlawful Access and Disclosure. The investigation was conducted by the New Jersey State Police.
The FTC banned Support King, LLC (SpyFone) and its CEO from the surveillance business for secretly harvesting and sharing users' data without consent, and ordered the deletion of all illegally collected data and notification to affected device owners. The company failed to secure the data, leading to a hack that exposed 2,200 consumers.
Connecticut Attorney General William Tong and Department of Consumer Protection Commissioner Michelle Seagull issued a consumer warning following Tropical Storm Henri about common disaster-related scams, including fraudulent contractors, fake charities, job scams, and used car scams. The release provides specific advice for consumers on how to verify contractors and charities and avoid common scam tactics.
Connecticut Attorney General William Tong announced a $678,901 settlement with L.A. Vision and optician Lisa Azinheira for overbilling the state Medicaid program. The providers billed for non-medically necessary vision services and extra eyeglasses for children. In addition to restitution, they must comply with a federal Integrity Agreement requiring audits, training, and compliance measures.
$679K
The FTC removed Aristotle International, Inc. from its list of approved COPPA Safe Harbor programs due to insufficient monitoring of member companies' compliance with COPPA guidelines. This action prevents operators from using Aristotle's program for favorable regulatory treatment and marks the first such removal since COPPA's inception.
Attorney General William Tong of Connecticut joined a multistate amicus brief in the U.S. Court of Appeals for the Second Circuit, supporting a lawsuit that challenges the Trump administration's 2019 Borrower Defense Rule. The rule weakened protections for students defrauded by for-profit schools by making it harder to obtain federal student loan debt relief. The amicus brief argues that the rule is arbitrary and capricious and should be eliminated.
Connecticut Attorney General and agencies settled with Town Square Energy for deceptive marketing, including misrepresenting rates and enrolling customers without consent. Town Square must pay $400,000 to Operation Fuel and cease in-person marketing for 15 months.
$400K
Attorney General William Tong of Connecticut joined a multistate coalition of 37 attorneys general in filing a lawsuit against Google alleging antitrust violations related to the Google Play Store and Google Billing. The lawsuit claims Google used its dominance to restrict competition, force developers to use Google Billing, and charge high commissions up to 30%. The action seeks to restore competition in the app market and halt Google's anticompetitive practices.
The FTC settled with Kuuhuub Inc., operator of the Recolor coloring book app, for violating COPPA by collecting personal information from children under 13 without parental consent. The app's social media features allowed children to register and share data, and third-party ad networks collected persistent identifiers for targeted ads. The settlement requires deletion of children's data, refunds to underage subscribers, a $3 million penalty (suspended upon $100,000 payment), and user notifications about the violations.
$3.0M
Attorney General William Tong praised the Connecticut House for passing legislation to strengthen price gouging laws. The bill addresses three shortcomings in the current statute by expanding its application to the entire supply chain, clearly defining price gouging as an 'unconsciously excessive price', and including rentals and leases. The legislation now proceeds to the Senate for consideration.
The FTC settled with Vivint Smart Homes, Inc. for $20 million over allegations that the company misused consumer credit reports to secure financing for unqualified customers, harming consumers' credit. The FTC is now distributing approximately $500,000 in refunds to affected consumers.
$20.0M
The FTC settled with Vivint Smart Home, Inc. for misusing consumer credit reports to qualify customers for financing without permission, harming innocent third parties' credit. Vivint agreed to pay $20 million, with over $4.7 million for consumer compensation, and established a Customer Service Task Force.
$20.0M
AMCA suffered an eight-month data breach from August 2018 to March 2019, exposing personal information including Social Security numbers, payment card data, and medical test details of over 7 million individuals nationwide, including 246,000 New Jersey residents. The multistate settlement requires AMCA to implement enhanced data security measures and pay $21 million, though payment is suspended due to the company's financial situation.
$21.0M
The FTC finalized a settlement with SkyMed International, Inc., an emergency travel services provider, for failing to secure sensitive consumer data and deceiving consumers about HIPAA compliance. The company left a cloud database with 130,000 membership records unsecured, containing personal and health information. Under the settlement, SkyMed must notify affected consumers, implement a security program, undergo biennial assessments, and is prohibited from misrepresenting its data practices.
The FTC finalized a settlement with Zoom Video Communications, Inc. for misleading consumers about its data security practices and compromising user security. The settlement requires Zoom to implement a comprehensive security program, review software updates for security flaws, and undergo biennial third-party assessments.
The FTC settled with Flo Health, Inc., developer of a popular fertility-tracking app, alleging it misled users by sharing sensitive health data with third-party analytics providers like Facebook and Google after promising to keep such data private. The proposed consent order requires Flo to obtain user consent before sharing health data, notify affected users, and destroy previously shared data, among other requirements.
Everalbum, Inc. settled FTC allegations that it deceived consumers about its use of facial recognition technology in its photo storage app and failed to delete photos when users deactivated their accounts. The settlement requires Everalbum to obtain express consent before using facial recognition, delete user photos and derived face embeddings, and delete developed models and algorithms. It also prohibits misrepresentations about data practices and requires consent for biometric data use if marketing software to consumers.
New Jersey participated in a multi-state settlement resolving an investigation into a 2017 data breach at Sabre Hospitality Solutions. Intruders accessed the company's hotel booking system from August 2016 to March 2017, compromising data from over 1.3 million consumer credit cards, including CVV numbers and expiration dates. Sabre failed to promptly notify affected consumers. The $2.4 million settlement requires Sabre to implement enhanced data security measures, develop a breach notification plan, clarify contractual responsibilities with client hotels, and undergo third-party security assessments.
$2.4M
New Jersey joined a multistate $2 million settlement with online retailer CafePress over a 2019 data breach that exposed personal information of approximately 22 million consumers nationwide, including over 540,000 in New Jersey. The settlement requires CafePress to implement a comprehensive cybersecurity program, incident response plan, and third-party assessments for five years, with payment suspended pending compliance.
$2.0M
SkyMed International, Inc. settled FTC allegations that it failed to secure sensitive consumer data, including health information, leaving a cloud database with 130,000 records exposed to the public. The FTC also alleged that SkyMed misrepresented HIPAA compliance on its website. As part of the settlement, SkyMed must implement a comprehensive security program, undergo biennial third-party assessments, and send notices to affected consumers.
Ascension Data & Analytics, LLC, a mortgage analytics company, settled FTC allegations that it violated the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor adequately protected consumer data. The vendor stored sensitive mortgage information in plain text on a cloud server, leading to unauthorized access. Ascension must implement a data security program, undergo biennial assessments, and report future breaches.
The FTC issued orders under Section 6(b) of the FTC Act to nine social media and video streaming companies requiring them to provide data on their data collection, use, advertising practices, and effects on children and teens. The companies must respond within 45 days.
All data sourced from official government enforcement pages.