1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Blue Cross and Blue Shield of Illinois (Health Plan, IL) reported a HIPAA breach affecting 6,903 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Health Care Service Corporation (Health Plan, IL) reported a HIPAA breach affecting 2,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Blue Cross and Blue Shield of Oklahoma (Health Plan, IL) reported a HIPAA breach affecting 1,020 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Blue Cross and Blue Shield of Texas (Health Plan, IL) reported a HIPAA breach affecting 12,086 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Summit Healthcare Medical Associates (Healthcare Provider, AZ) reported a HIPAA breach affecting 1,861 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Dallas County MHMR dba Metrocare Services (Healthcare Provider, TX) reported a HIPAA breach affecting 553 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email, Network Server.
Gardner Health Services (Healthcare Provider, CA) reported a HIPAA breach affecting 26,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Federal Trade Commission Chairman Andrew N. Ferguson issued a letter to the U.S. Trustee overseeing the 23andMe bankruptcy proceeding, expressing concerns about the potential sale or transfer of consumers' personal genetic data. The letter underscores the importance of companies honoring their privacy promises to consumers, particularly regarding sensitive information, during bankruptcy proceedings.
Mayo Clinic (Healthcare Provider, MN) reported a HIPAA breach affecting 1,869 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
AmeriHealth Caritas Louisiana (Health Plan, LA) reported a HIPAA breach affecting 1,552 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server, Other.
The California Privacy Protection Agency settled with American Honda Motor Co. for CCPA violations, including making it difficult for consumers to opt-out of data sharing, using dark patterns in its privacy tool, hindering authorized agent requests, and sharing data with ad tech companies without proper contracts. Honda must pay a $632,500 fine, implement new processes for privacy requests, certify compliance, train employees, and ensure appropriate data sharing contracts.
$633K
Total Medical Imaging (Healthcare Provider, FL) reported a HIPAA breach affecting 27,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Palmetto Operating LLC d/b/a Palmetto Subacute Care Center (‘Palmetto’) (Healthcare Provider, FL) reported a HIPAA breach affecting 2,746 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
New York Attorney General Letitia James led a 19-state coalition to secure a preliminary injunction blocking the Trump administration from granting Elon Musk and the Department of Government Efficiency (DOGE) unauthorized access to the Treasury Department’s central payment system and Americans’ sensitive personal information, including Social Security numbers and bank account details. A prior temporary restraining order required immediate destruction of all records already obtained by DOGE and Musk. The lawsuit remains ongoing to permanently prevent unauthorized access to private consumer data.
New York Attorney General Letitia James led a multistate coalition to sue the Trump administration for allowing Elon Musk and DOGE unauthorized access to the Treasury Department's central payment system, exposing Americans' sensitive personal information. A federal court granted a preliminary injunction blocking this access and ordering the destruction of any obtained records.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
Restorix Health, Inc. (Business Associate, LA) reported a HIPAA breach affecting 38,553 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
New York Attorney General Letitia James led a multistate lawsuit against Elon Musk and his Department of Government Efficiency (DOGE) for gaining unauthorized access to the U.S. Treasury's payment system, which contains Americans' sensitive personal data and controls vital funding. A federal judge granted a temporary restraining order blocking DOGE from accessing this data and requiring the destruction of any records already obtained, with a preliminary injunction hearing set for February 14, 2025.
Connecticut Attorney General William Tong, leading a coalition of 19 attorneys general, secured a temporary restraining order blocking DOGE and Elon Musk from accessing Treasury Department payment systems containing sensitive personal data. The court found the Trump Administration illegally granted unauthorized access, exposing Americans' bank account details and Social Security numbers. The order mandates destruction of downloaded materials and restricts access to vetted civil servants.
New York Attorney General Letitia James led a coalition of 18 other state attorneys general in suing the Trump administration and Department of Government Efficiency (DOGE) to stop unauthorized access to Americans' sensitive personal data held in U.S. Treasury payment systems. A federal judge granted a temporary restraining order blocking DOGE from accessing the data and requiring immediate destruction of any copies already obtained. A hearing on a motion for preliminary injunction is scheduled for February 14, 2025.
New York Attorney General Letitia James led a coalition of 11 other attorneys general in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE unauthorized access to the Treasury Department’s central payment system, exposing Social Security numbers, bank account information, and other private data of tens of millions of Americans. A federal judge granted a temporary restraining order on February 8, 2025, blocking access and ordering destruction of all obtained records, with the coalition seeking a preliminary injunction to continue the bar on unauthorized access.
A coalition of 18 state attorneys general, led by Illinois AG Kwame Raoul, filed a lawsuit against the Trump administration to stop a policy that grants Elon Musk and DOGE unauthorized access to the Treasury Department's payment system, which contains sensitive personal information like bank details and Social Security numbers. The lawsuit seeks an injunction and a declaration that the policy is unlawful, arguing it violates federal law and jeopardizes data security.
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general in suing President Trump and the U.S. Treasury to stop DOGE's unauthorized access to the Treasury's central payment system and confidential records, calling it the largest data breach in American history. The lawsuit seeks an injunction to block the expanded access policy and a declaration that it is unlawful.
New York Attorney General Letitia James led a coalition of 19 states in filing a lawsuit against the Trump administration for illegally granting Elon Musk and DOGE access to the Treasury's payment system, exposing Americans' sensitive personal information. The lawsuit seeks an injunction to halt this policy and a declaration that it is unlawful and unconstitutional.
New York Attorney General Letitia James led a coalition of 19 state attorneys general in filing a lawsuit against the Trump administration and U.S. Department of the Treasury over unauthorized access to Americans’ sensitive personal data. The lawsuit alleges the Treasury Department illegally granted Elon Musk and the Department of Government Efficiency (DOGE) access to its central payment system containing bank account details, Social Security numbers, and other private information, violating federal law and the U.S. Constitution. The coalition seeks an injunction to halt the policy and a declaration that the access expansion is unlawful and unconstitutional.
Connecticut Attorney General William Tong joined a coalition of 12 attorneys general to announce they will file a lawsuit against the U.S. Department of the Treasury and DOGE for unlawfully granting Elon Musk and DOGE staff access to sensitive personal information and payment systems. The AGs argue this unauthorized access threatens privacy rights and essential payments for millions of Americans. The lawsuit seeks to revoke access and prevent further interference.
Mental Health Association Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 12,633 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
ZI NEUROSCIENCES (Healthcare Provider, NJ) reported a HIPAA breach affecting 1,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other, Paper/Films.
Aprendamos Intervention Team, P.A. (Healthcare Provider, NM) reported a HIPAA breach affecting 1,916 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Alpine Ears, Nose & Throat, P.L.L.C. (Healthcare Provider, CO) reported a HIPAA breach affecting 65,648 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
All data sourced from official government enforcement pages.