1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
Howard Brown Health (Healthcare Provider, IL) reported a HIPAA breach affecting 8,357 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Mitchell County Department of Social Services (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Reproductive Medicine Associates of Michigan (Healthcare Provider, MI) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anesthesiology & Pain Consultants, LLC (Healthcare Provider, LA) reported a HIPAA breach affecting 538 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other Portable Electronic Device.
Texas Attorney General Ken Paxton filed a lawsuit against Sony, Samsung, LG, Hisense, and TCL Technology Group for using Automated Content Recognition (ACR) technology to collect Texans' viewing data without proper consent. A temporary restraining order was secured against Hisense to halt all data collection and sharing. The AG issued a consumer alert with instructions to disable ACR on smart TVs.
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The Nevada-based marketing firm must pay the fine and past-due fees. This action is part of CalPrivacy's enforcement against unregistered data brokers.
$57K
CalPrivacy issued Enforcement Advisory No. 2025-01 to remind data brokers of their annual registration obligations under California's Delete Act, including disclosing all trade names and websites and registering independently rather than through a parent company. The advisory warns that failures to comply may result in administrative fines of $200 per day, plus fees and recovery costs. It also highlights the upcoming Delete Request and Opt-Out Platform (DROP) launching January 1, 2026.
Texas Attorney General Ken Paxton obtained a temporary restraining order against Hisense, a Chinese smart TV manufacturer, to halt its collection of Texans' personal data through Automated Content Recognition technology without consent. The technology captures every sound and image on the TVs every 500 milliseconds and sells the data, with access granted to the Chinese Communist Party. The TRO prohibits Hisense from collecting, using, selling, sharing, disclosing, or transferring ACR data about Texans while the case continues.
Environmental enforcement action: Oregon Attorney General Dan Rayfield joined a multistate lawsuit against the Trump Administration for unlawfully freezing federal funding approved by Congress for electric vehicle charging infrastructure. The freeze, implemented by the U.S. Department of Transportation, halts critical projects to modernize freight corridors, reduce pollution, and support EV adoption, including a $102 million Pacific Northwest project for medium- and heavy-duty trucks. The lawsuit seeks a court order to release the funds and allow states to proceed with Congressionally authorized projects.
The FTC has taken action against Illusory Systems, Inc. (doing business as Nomad) for failing to implement adequate data security measures, which led to a breach where hackers stole $186 million from consumers. The company is required to return the stolen funds and implement an information security program.
$186.0M
Texas Attorney General Ken Paxton filed a lawsuit against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for illegally collecting consumers' viewing data through Automated Content Recognition (ACR) technology without knowledge or consent. The companies capture screenshots and monitor TV usage in real-time, then sell the data for targeted advertising, risking sensitive information. The suit seeks to halt these invasive practices and protect Texans' privacy.
Texas Attorney General Ken Paxton has filed lawsuits against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for unlawfully collecting Texans' viewing data using Automated Content Recognition (ACR) technology without their knowledge or consent. The ACR software captures screenshots of TV displays every 500 milliseconds and transmits the data to the companies, which then sell it for targeted advertising. The AG's office alleges these practices violate Texas privacy laws and seeks to enjoin the companies from continuing the surveillance.
New Jersey Attorney General Matthew Platkin and the Division on Civil Rights (DCR) announced the adoption of comprehensive new rules codifying the prohibition against disparate impact discrimination under the New Jersey Law Against Discrimination (LAD). The rules, published in the New Jersey Register on December 15, 2025, clarify legal standards for disparate impact liability in employment, housing, public accommodations, financial lending, and contracting, including the use of artificial intelligence in employment contexts. The rules do not create new liability but provide clarity on existing LAD protections amid federal rollbacks of disparate impact standards.
Connecticut Attorney General William Tong, along with the FTC and 21 other states and counties, filed a lawsuit against Uber Technologies, LLC and Uber USA, LLC for deceptive practices related to their Uber One subscription service. The lawsuit alleges Uber used negative option marketing, misled consumers about savings, made cancellation difficult, and charged consumers prematurely. The action seeks restitution, penalties, and an injunction under the Connecticut Unfair Trade Practices Act and the Restore Online Shoppers' Confidence Act.
FPMCM LLC (Business Associate, TN) reported a HIPAA breach affecting 2,072 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
New Jersey Attorney General Matthew Platkin announced that New Jersey is joining a coalition of 22 states in suing Uber for deceptive practices related to its Uber One subscription service. The lawsuit alleges that Uber enrolled consumers without their knowledge and made cancellation extremely difficult, seeking restitution, penalties, and an injunction under New Jersey's Consumer Fraud Act and the Restore Online Shoppers' Confidence Act.
Consumer protection case where Oregon Attorney General Dan Rayfield secured a federal court order blocking the Trump administration from imposing financial penalties on states for SNAP operations, ensuring that lawful permanent residents continue to receive benefits without disruption.
Other enforcement action: Oregon Attorney General Dan Rayfield, joined by 18 other states, sued the Trump Administration over its unlawful $100,000 fee for H-1B visa petitions. The lawsuit alleges that the policy violates the Administrative Procedure Act by exceeding congressional authority and bypassing required rulemaking procedures, harming educational institutions and employers.
Baltimore Medical System, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A bipartisan coalition of 42 attorneys general sent a letter to major AI software companies demanding safeguards to protect users from harmful chatbot interactions. The letter cites multiple incidents of mental health struggles, self-harm, and deaths, particularly affecting children and vulnerable populations. Companies are asked to implement safety testing, recall procedures, and clear warnings by January 16, 2026.
OCAT, LLC dba Evoke Wellness at Hilliard (Healthcare Provider, OH) reported a HIPAA breach affecting 1,629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (Healthcare Provider, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation, a major electronic health records vendor, alleging unlawful monopolization of the EHR industry and deceptive practices that restrict parental access to minor children’s medical records. The privacy-related claim asserts Epic automatically hides children’s medication lists, treatment notes, and provider messages from parents when a child turns 12, violating Texas law guaranteeing parents unrestricted access to their children’s medical records. The action is part of broader efforts to ensure EHR vendors comply with Texas parental access requirements and promote market competition.
Florida Attorney General James Uthmeier filed a lawsuit against Roblox, alleging that the company misrepresented the safety of its platform to parents and failed to protect children from accessing adult content and being contacted by predators. The lawsuit seeks injunctive relief and other remedies to ensure child safety on the platform.
Centric Health (Healthcare Provider, CA) reported a HIPAA breach affecting 6,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
Heart of Texas Behavioral Health Network (Healthcare Provider, TX) reported a HIPAA breach affecting 1,309 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
New Jersey Attorney General Matthew Platkin is leading a bipartisan coalition of 42 attorneys general in sending a letter to 13 tech companies, demanding that they implement safeguards for their AI chatbots to prevent harmful interactions such as sexually explicit conversations with children, encouraging self-harm, and spurring violence, following reports of serious incidents including deaths and self-harm.
Southern Oregon Neurosurgical and Spine Associates, PC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Ochsner LSU Health – Regional Urology (Healthcare Provider, LA) reported a HIPAA breach affecting 4,519 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
TriCity Family Services (Healthcare Provider, IL) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.