1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The New Jersey Attorney General announced an investigation into how the personal information of millions of Facebook users was harvested and obtained by Cambridge Analytica, a UK-based data analytics company. The AG expressed concern that Facebook may have allowed the harvesting and monetization of user data despite promises to keep it secure.
Cottage Health System experienced two data breaches exposing medical information of over 50,000 patients due to inadequate security measures. The settlement requires a $2 million penalty and upgrades to security practices, including designating a Chief Privacy Officer.
$2.0M
New Jersey Attorney General Christopher Porrino announced that New Jersey has joined a multi-state investigation into Equifax following a data breach affecting 143 million consumers. The multi-state group sent a letter demanding Equifax disable fee-based credit monitoring services and reimburse consumers for credit freeze fees with other bureaus, citing unfair practices and a months-long delay in breach disclosure.
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
Nationwide Insurance settled a multi-state investigation into a 2012 data breach that exposed personal information of 1.27 million consumers due to failure to apply a security patch. The settlement requires enhanced security practices, hiring a Technology Officer, and a $5.5 million payment to the states.
$5.5M
Target settled a multi-state enforcement action for a 2013 data breach that exposed payment card information of over 40 million customers due to inadequate security. The $18.5 million settlement requires Target to implement advanced security measures, and California receives over $1.4 million.
$18.5M
Target Corp. agreed to pay $18.5 million to resolve a multi-state investigation into the November 2013 data breach that compromised payment card information of over 41 million shoppers. The settlement requires Target to implement comprehensive cybersecurity reforms, including a dedicated Information Security Program, encryption, network segmentation, and third-party assessments.
$18.5M
Horizon Blue Cross Blue Shield of New Jersey agreed to pay $926,803 in civil penalties and implement a corrective action plan to settle allegations that it failed to encrypt laptops containing protected health information, violating HIPAA/HITECH and the New Jersey Consumer Fraud Act.
$927K
VIZIO and Inscape settled allegations that they collected viewing data from Smart TVs without adequate disclosure and consent, selling it to third parties. They agreed to pay $1 million to New Jersey, destroy collected data, and implement privacy measures including obtaining consumer consent and establishing a privacy program.
$1.0M
Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.
$7.6M
The California Attorney General settled with Houzz Inc. for secretly recording incoming and outgoing telephone calls from March to September 2013 without notifying or obtaining consent from all parties, violating state wiretapping and eavesdropping laws. The settlement requires Houzz to pay $175,000, appoint a Chief Privacy Officer, conduct a privacy risk assessment, secure and destroy the recordings, and implement compliance measures.
$175K
Comcast disclosed personal information of approximately 75,000 customers who had paid for unlisted VOIP phone service. The settlement includes a $25 million penalty and $8 million in restitution, along with a permanent injunction requiring improved privacy practices and customer disclosures.
$25.0M
The New Jersey Division of Consumer Affairs settled with DealerApp, a mobile app developer for auto dealerships, for allegedly collecting and transmitting consumer personal information without notice or consent. DealerApp agreed to pay a $38,000 civil penalty and implement measures to disclose data practices and obtain consent for third-party sharing.
$38K
The New Jersey Attorney General and FTC settled with app developer Equiliv Investments and Ryan Ramminger for distributing the Prized app that contained malware to mine cryptocurrency without user consent. The settlement prohibits such activities, requires record-keeping for 20 years, and imposes a $5,200 penalty with an additional $44,800 suspended.
$5K
The New Jersey Division of Consumer Affairs obtained a consent decree against Jeremy Rubin, developer of Tidbit Bitcoin-mining software, for accessing New Jersey computers without users' knowledge or consent. The settlement includes a suspended $25,000 monetary penalty and prohibits future unauthorized access, requiring clear notification and verifiable consent.
$25K
The California Attorney General reached a $28.4 million settlement with Aaron's, Inc. for installing spyware on rented computers without customer consent and for violating the Karnette Rental-Purchase Act. The spyware, called 'Detective Mode', allowed remote monitoring of keystrokes, screenshots, location, and webcam activation. Aaron's must refund $25 million to approximately 100,000 customers and pay $3.4 million in penalties, and is prohibited from using spyware.
$3.4M
The California Attorney General filed a complaint against Kaiser Foundation Health Plan, Inc. for improperly disposing of patient medical records containing protected health information. The records, including diagnoses and lab results, were found discarded at a recycling facility, violating patient privacy. The action alleges breaches of the California Confidentiality of Medical Information Act.
The New Jersey Attorney General settled with Dokogeo, the developer of the Dokobots app, for violating COPPA by collecting personal information from children without parental consent. The settlement requires Dokogeo to disclose its data practices, stop collecting children's data, delete existing children's data, and pay a suspended $25,000 penalty.
$25K
Dataium settled allegations that it used history sniffing to track consumers' online browsing without consent and sold personal data of 400,000 consumers to a data broker without notice. The settlement imposes a $400,000 monetary penalty, requires a privacy program, and mandates transparency and opt-out mechanisms.
$400K
New Jersey joined a multi-state settlement with Google alleging that Google circumvented Safari browser's default privacy settings to plant third-party cookies without user consent. Google agreed to pay $17 million and implement injunctive relief to prevent such conduct and improve transparency.
$17.0M
In 2013, the California Attorney General filed a complaint against Citibank, N.A. alleging that the bank failed to implement adequate security measures and did not properly notify customers about a data breach exposing personal and financial information. The complaint asserts violations of California's data breach notification law.
PulsePoint circumvented Safari browser privacy settings to place unauthorized cookies, enabling targeted advertising without user consent. The New Jersey Division of Consumer Affairs secured a $1 million settlement, including a $566,200 civil penalty, and mandated privacy reforms such as third-party assessments and website disclosures.
$566K
Google settled multi-state allegations that it collected personal data from unsecured wireless networks during Street View operations without user consent. The settlement requires Google to destroy the collected data, refrain from future non-consensual collection, implement a 10-year employee privacy training program, and run a public advertising campaign. New Jersey's share of the settlement is approximately $147,000.
Anthem Blue Cross printed Social Security numbers on mailed letters, exposing the personal information of over 33,000 Medicare subscribers. The settlement requires the company to improve data security measures, provide employee training, and pay $150,000. This action aims to prevent future privacy violations.
$150K
All data sourced from official government enforcement pages.