1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Consumer fraud enforcement action where the FTC is distributing $23 million in refunds to investors defrauded by the Sanctuary Belize and Kanantik real estate schemes. The defendants deceived consumers about luxury amenities and resale potential, resulting in losses of over $100 million. This is the second round of refunds following a court judgment.
$22.9M
Issaqueena Pediatric Dentistry PA (Healthcare Provider, SC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Personalis, Inc. (Healthcare Provider, CA) reported a HIPAA breach affecting 650 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Antitrust enforcement action where the FTC settled with Express Scripts, a major pharmacy benefit manager, for using anticompetitive rebating practices that artificially inflated insulin prices. The settlement requires ESI to change its business practices to increase transparency and lower patient out-of-pocket costs, potentially saving $7 billion over 10 years.
EyeCare Partners, LLC, including The Ophthalmology Group, Ophthalmology Consultants, and Ophthalmology Associates. (Healthcare Provider, MO) reported a HIPAA breach affecting 17,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Pafford Medical Services (Healthcare Provider, AR) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mindoula Health, Inc. (Business Associate, MD) reported a HIPAA breach affecting 626 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Connecticut Attorney General William Tong led a coalition of 48 states and territories in announcing settlements with Lannett Company, Inc. and Bausch Health entities totaling $17.85 million. The settlements resolve allegations that the companies engaged in conspiracies to inflate prices and limit competition for generic prescription drugs. The companies agreed to cooperate in ongoing litigation and implement internal reforms, while a new complaint was filed against Novartis and subsidiaries.
$17.9M
Lincoln National Corporation d/b/a/ Lincoln Financial (Health Plan, IN) reported a HIPAA breach affecting 998 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Health and Hospital Corporation of Marion County (Healthcare Provider, IN) reported a HIPAA breach affecting 792 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email, Laptop.
BAYADA Home Health Care, Inc. (Healthcare Provider, NJ) reported a HIPAA breach affecting 9,526 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wakefield & Associates, LLC (Business Associate, TN) reported a HIPAA breach affecting 31,751 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
$515K
The Connecticut Attorney General and Consumer Counsel secured a settlement requiring Charter Communications to adhere to consumer protection commitments as it acquires Cox Communications. The agreement, pending PURA approval, includes pricing transparency, service reliability improvements, a $3 million digital access investment, and compliance with the Connecticut Data Privacy Act. It also maintains a Connecticut workforce and office, and prevents cost pass-through to customers.
The Connecticut Attorney General and Consumer Counsel announced a settlement with Charter Communications regarding its proposed acquisition of Cox Communications. The settlement includes consumer protections such as billing transparency, service reliability improvements, a $3 million digital access investment, and other commitments. It is pending approval by the Public Utilities Regulatory Authority.
Clinic Service Corporation (Business Associate, CO) reported a HIPAA breach affecting 82,331 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Massachusetts Attorney General secured a $515,000 settlement with Comstar, LLC for a March 2022 data breach that exposed sensitive patient information of over 326,000 Massachusetts residents. Comstar violated Massachusetts Data Security regulations and HIPAA by failing to maintain adequate security measures. The settlement includes monetary payment and mandated security improvements.
$515K
California Attorney General Rob Bonta announced an investigative sweep targeting businesses that use surveillance pricing, which involves setting individualized prices based on consumer data. The Department of Justice is sending information request letters to companies in the retail, grocery, and hotel sectors to assess compliance with the CCPA's purpose limitation principle. This action seeks to ensure that consumers are not charged different prices without proper disclosure and that businesses adhere to privacy laws.
Consumer fraud case where the FTC settled with Growth Cave defendants for operating a deceptive business opportunity and credit repair scheme that cost consumers nearly $50 million. The settlement permanently bans them from such activities, requires asset liquidation to pay a $48.6 million judgment, and prohibits misleading earnings claims and AI use.
$48.6M
WindRose Health Network (Healthcare Provider, IN) reported a HIPAA breach affecting 691 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.
Pecan Tree Dental, PLLC (Healthcare Provider, TX) reported a HIPAA breach affecting 13,300 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Telemarketing enforcement case where the FTC obtained a temporary restraining order against defendants who deceptively marketed limited benefit health plans as comprehensive health insurance. The scheme caused tens of millions of dollars in harm to consumers seeking health coverage. The court halted operations at the FTC's request.
Consumer protection case involving charity fraud. A former Orangetheory Fitness instructor pleaded guilty to stealing charitable donations collected during workout classes between 2021 and 2024. He diverted over $24,000 intended for charities to his personal Venmo account to fund his cocaine habit. The Oregon DOJ and Multnomah County DA's Office pursued criminal charges and civil claims to secure restitution and prevent future charitable sector involvement.
Precipio, Inc. (Healthcare Provider, CT) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jefferson-Blount-St. Clair Mental Health Authority (Healthcare Provider, AL) reported a HIPAA breach affecting 30,434 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
True RCM, a Rapid Care Transcription, Inc., Company (Business Associate, MD) reported a HIPAA breach affecting 1,247 individuals. Breach type: Hacking/IT Incident. Location of breached information: Desktop Computer.
AdventHealth Daytona Beach (Healthcare Provider, FL) reported a HIPAA breach affecting 821 individuals. Breach type: Loss. Location of breached information: Paper/Films.
Middlesex Sheriff's Office (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta sent a cease and desist letter to xAI, demanding the company immediately stop the creation and distribution of deepfake, nonconsensual intimate images and child
All data sourced from official government enforcement pages.