1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Howard Brown Health (Healthcare Provider, IL) reported a HIPAA breach affecting 8,357 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Mitchell County Department of Social Services (Healthcare Provider, NC) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Reproductive Medicine Associates of Michigan (Healthcare Provider, MI) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Anesthesiology & Pain Consultants, LLC (Healthcare Provider, LA) reported a HIPAA breach affecting 538 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other Portable Electronic Device.
Medical Center, LLP (Healthcare Provider, GA) reported a HIPAA breach affecting 32,090 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit against Sony, Samsung, LG, Hisense, and TCL Technology Group for using Automated Content Recognition (ACR) technology to collect Texans' viewing data without proper consent. A temporary restraining order was secured against Hisense to halt all data collection and sharing. The AG issued a consumer alert with instructions to disable ACR on smart TVs.
North East Medical Services (Healthcare Provider, CA) reported a HIPAA breach affecting 91,513 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The Nevada-based marketing firm must pay the fine and past-due fees. This action is part of CalPrivacy's enforcement against unregistered data brokers.
$57K
Excellent Home Care Services, LLC (Healthcare Provider, NY) reported a HIPAA breach affecting 16,278 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
CalPrivacy issued Enforcement Advisory No. 2025-01 to remind data brokers of their annual registration obligations under California's Delete Act, including disclosing all trade names and websites and registering independently rather than through a parent company. The advisory warns that failures to comply may result in administrative fines of $200 per day, plus fees and recovery costs. It also highlights the upcoming Delete Request and Opt-Out Platform (DROP) launching January 1, 2026.
Texas Attorney General Ken Paxton obtained a temporary restraining order against Hisense, a Chinese smart TV manufacturer, to halt its collection of Texans' personal data through Automated Content Recognition technology without consent. The technology captures every sound and image on the TVs every 500 milliseconds and sells the data, with access granted to the Chinese Communist Party. The TRO prohibits Hisense from collecting, using, selling, sharing, disclosing, or transferring ACR data about Texans while the case continues.
Environmental enforcement action: Oregon Attorney General Dan Rayfield joined a multistate lawsuit against the Trump Administration for unlawfully freezing federal funding approved by Congress for electric vehicle charging infrastructure. The freeze, implemented by the U.S. Department of Transportation, halts critical projects to modernize freight corridors, reduce pollution, and support EV adoption, including a $102 million Pacific Northwest project for medium- and heavy-duty trucks. The lawsuit seeks a court order to release the funds and allow states to proceed with Congressionally authorized projects.
The FTC has taken action against Illusory Systems, Inc. (doing business as Nomad) for failing to implement adequate data security measures, which led to a breach where hackers stole $186 million from consumers. The company is required to return the stolen funds and implement an information security program.
$186.0M
Consumer protection case where Hyundai and Kia settled for selling millions of vehicles without industry-standard anti-theft technology, leading to a nationwide surge in thefts and public safety risks. The settlement requires free hardware fixes for affected vehicles and restitution for consumers.
$4.5M
Texas Attorney General Ken Paxton filed a lawsuit against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for illegally collecting consumers' viewing data through Automated Content Recognition (ACR) technology without knowledge or consent. The companies capture screenshots and monitor TV usage in real-time, then sell the data for targeted advertising, risking sensitive information. The suit seeks to halt these invasive practices and protect Texans' privacy.
Texas Attorney General Ken Paxton has filed lawsuits against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for unlawfully collecting Texans' viewing data using Automated Content Recognition (ACR) technology without their knowledge or consent. The ACR software captures screenshots of TV displays every 500 milliseconds and transmits the data to the companies, which then sell it for targeted advertising. The AG's office alleges these practices violate Texas privacy laws and seeks to enjoin the companies from continuing the surveillance.
Connecticut Attorney General William Tong, along with the FTC and 21 other states and counties, filed a lawsuit against Uber Technologies, LLC and Uber USA, LLC for deceptive practices related to their Uber One subscription service. The lawsuit alleges Uber used negative option marketing, misled consumers about savings, made cancellation difficult, and charged consumers prematurely. The action seeks restitution, penalties, and an injunction under the Connecticut Unfair Trade Practices Act and the Restore Online Shoppers' Confidence Act.
FPMCM LLC (Business Associate, TN) reported a HIPAA breach affecting 2,072 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
New Jersey Attorney General Matthew Platkin announced that New Jersey is joining a coalition of 22 states in suing Uber for deceptive practices related to its Uber One subscription service. The lawsuit alleges that Uber enrolled consumers without their knowledge and made cancellation extremely difficult, seeking restitution, penalties, and an injunction under New Jersey's Consumer Fraud Act and the Restore Online Shoppers' Confidence Act.
Consumer protection case where Oregon Attorney General Dan Rayfield secured a federal court order blocking the Trump administration from imposing financial penalties on states for SNAP operations, ensuring that lawful permanent residents continue to receive benefits without disruption.
Other enforcement action: Oregon Attorney General Dan Rayfield, joined by 18 other states, sued the Trump Administration over its unlawful $100,000 fee for H-1B visa petitions. The lawsuit alleges that the policy violates the Administrative Procedure Act by exceeding congressional authority and bypassing required rulemaking procedures, harming educational institutions and employers.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 104,071 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Baltimore Medical System, Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
A bipartisan coalition of 42 attorneys general sent a letter to major AI software companies demanding safeguards to protect users from harmful chatbot interactions. The letter cites multiple incidents of mental health struggles, self-harm, and deaths, particularly affecting children and vulnerable populations. Companies are asked to implement safety testing, recall procedures, and clear warnings by January 16, 2026.
OCAT, LLC dba Evoke Wellness at Hilliard (Healthcare Provider, OH) reported a HIPAA breach affecting 1,629 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Heywood Healthcare Inc. including Henry Heywood Memorial Hospital, Athol Memorial Hospital, and Heywood Medical Group, Inc. (“Heywood”) (Healthcare Provider, MA) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation, a major electronic health records vendor, alleging unlawful monopolization of the EHR industry and deceptive practices that restrict parental access to minor children’s medical records. The privacy-related claim asserts Epic automatically hides children’s medication lists, treatment notes, and provider messages from parents when a child turns 12, violating Texas law guaranteeing parents unrestricted access to their children’s medical records. The action is part of broader efforts to ensure EHR vendors comply with Texas parental access requirements and promote market competition.
This legal enforcement action involves Oregon Attorney General Dan Rayfield, leading a coalition of 20 states, securing a court victory against the Trump Administration's unlawful attempt to terminate the BRIC disaster preparedness program. The court ruled that the termination violates appropriations laws and the Administrative Procedures Act, requiring restoration of billions in funding to protect communities from natural disasters.
Florida Attorney General James Uthmeier filed a lawsuit against Roblox, alleging that the company misrepresented the safety of its platform to parents and failed to protect children from accessing adult content and being contacted by predators. The lawsuit seeks injunctive relief and other remedies to ensure child safety on the platform.
Centric Health (Healthcare Provider, CA) reported a HIPAA breach affecting 6,855 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record, Network Server.
All data sourced from official government enforcement pages.