1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The FTC alleged that General Motors and its OnStar subsidiary collected and sold drivers' precise geolocation and driving behavior data (e.g., hard braking, speeding) to consumer reporting agencies without adequately notifying consumers or obtaining their affirmative consent. A proposed consent order bans the companies from disclosing this sensitive data to consumer reporting agencies for five years and requires them to implement clearer consent mechanisms, data access/deletion processes, and opt-out options.
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
Eastern Idaho Public Health (Healthcare Provider, ID) reported a HIPAA breach affecting 759 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The U.S. Department of Justice and ten states filed an amended complaint against six major landlords for using algorithmic pricing and sharing competitively sensitive information to suppress competition and raise rents. Cortland Management LLC agreed to a consent decree requiring it to cease these practices, cooperate with the investigation, and submit to court-monitored oversight. The landlords collectively manage over 1.3 million rental units across the United States.
DentaQuest (Health Plan, WI) reported a HIPAA breach affecting 868 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Khalil Foundation (DBA Khalil Center) (Healthcare Provider, IL) reported a HIPAA breach affecting 1,153 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
Texas Attorney General Ken Paxton launched investigations into Character.AI and 14 other companies, including Reddit, Instagram, and Discord, over potential violations of children’s privacy and safety laws. The investigations focus on compliance with the SCOPE Act and Texas Data Privacy and Security Act (TDPSA), which require parental consent for sharing minors’ data and mandate notice and consent requirements for children’s personal information. No fines or remedies have been imposed as the investigations are ongoing.
El Paso Healthcare System, Ltd. d/b/a Las Palmas Del Sol Healthcare (Healthcare Provider, TX) reported a HIPAA breach affecting 1,854 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The FTC took action against Gravy Analytics Inc. and Venntel Inc. for unlawfully tracking and selling sensitive consumer location data without consent. The proposed consent order prohibits the sale or use of sensitive location data, requires deletion of historic data, and mandates compliance programs. This is part of the FTC's series of actions against data brokers selling sensitive location data.
Atrium Health (Healthcare Provider, NC) reported a HIPAA breach affecting 585,959 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
AuthoraCare Collective (Healthcare Provider, NC) reported a HIPAA breach affecting 57,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Mid-Minnesota Management Services d/b/a Central Resources (Business Associate, IL) reported a HIPAA breach affecting 1,232 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Huron Inc. Health Plan (Health Plan, MI) reported a HIPAA breach affecting 750 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Mohawk Valley Cardiology, P.C. (Healthcare Provider, NY) reported a HIPAA breach affecting 4,973 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Jacksonville Children's Multispecialty Clinics/Atlantic Medical Management (Healthcare Provider, NC) reported a HIPAA breach affecting 2,224 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Ad Valorem Records, Inc. (Business Associate, TN) reported a HIPAA breach affecting 590 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Texas Attorney General Ken Paxton filed a lawsuit against TikTok for violating the Securing Children Online through Parental Empowerment (SCOPE) Act by sharing minors’ personal identifying information without parental consent and failing to provide parents with tools to manage their children’s account privacy settings. The lawsuit seeks civil penalties of up to $10,000 per violation and injunctive relief to prevent future violations. TikTok is accused of prioritizing profit over the online safety and privacy of Texas children.
The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.
Attorney General William Tong, along with the U.S. Department of Justice and eight other state attorneys general, filed a civil antitrust lawsuit against RealPage Inc. for allegedly using its algorithmic pricing software to facilitate price fixing among landlords and monopolize the market for revenue management software. The complaint alleges that RealPage collects competitively sensitive rental data from landlords to train its algorithm, which then recommends prices, harming renters by reducing competition. The lawsuit seeks an injunction to end these practices and restore competition.
Contents Trader, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 27,329 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.
Texas Attorney General Ken Paxton filed a lawsuit against General Motors for unlawfully collecting private driving data from over 1.5 million Texas drivers without consent and selling the data to third parties including insurance companies. GM allegedly deceived customers into enrolling in products like OnStar Smart Driver by falsely claiming enrollment was required to retain vehicle safety features, while concealing that enrollment authorized systematic collection and sale of detailed driving data. The action follows an investigation launched in June 2024 as part of the Texas AG’s data privacy initiative, and seeks to hold GM accountable for violating state privacy laws.
Pemiscot Memorial Health System (Healthcare Provider, MO) reported a HIPAA breach affecting 33,279 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
Geisinger (Healthcare Provider, PA) reported a HIPAA breach affecting 1,276,026 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Tilting Point Media LLC illegally collected and shared children's personal data in its mobile app game 'SpongeBob: Krusty Cook-Off' without parental consent, violating COPPA and CCPA. The settlement imposes a $500,000 civil penalty and injunctive terms to ensure compliance with children's data privacy laws.
$500K
Texas Attorney General Ken Paxton opened an investigation into multiple car manufacturers for collecting and selling driver data to third parties, including insurance companies, without consumers' knowledge or consent. The investigation, conducted under the Texas Deceptive Trade Practices – Consumer Protection Act, seeks documents about data collection practices and disclosures made to customers. The AG's office is concerned about invasive data collection and potential deceptive practices.
Texas Attorney General Ken Paxton initiated an investigation into multiple car manufacturers for allegedly collecting drivers' data without consent and selling it to third parties, including insurance providers. The investigation, authorized under the Texas Deceptive Trade Practices – Consumer Protection Act, requires manufacturers and data purchasers to produce documents related to their data practices and customer disclosures. The AG highlighted concerns about invasive, non-consensual data collection and sale occurring without consumer knowledge.
Insurance ACE/Humana Inc. (Health Plan, KY) reported a HIPAA breach affecting 15,003 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
All data sourced from official government enforcement pages.