1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Heart of Texas Behavioral Health Network (Healthcare Provider, TX) reported a HIPAA breach affecting 1,309 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
New Jersey Attorney General Matthew Platkin is leading a bipartisan coalition of 42 attorneys general in sending a letter to 13 tech companies, demanding that they implement safeguards for their AI chatbots to prevent harmful interactions such as sexually explicit conversations with children, encouraging self-harm, and spurring violence, following reports of serious incidents including deaths and self-harm.
Southern Oregon Neurosurgical and Spine Associates, PC (Healthcare Provider, OR) reported a HIPAA breach affecting 1,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Ochsner LSU Health – Regional Urology (Healthcare Provider, LA) reported a HIPAA breach affecting 4,519 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Antitrust enforcement action where Oregon Attorney General Dan Rayfield secured a $700 million settlement from Google for anticompetitive practices in the Google Play Store. The settlement will provide automatic payouts to consumers who made purchases between August 2016 and September 2023, and requires Google to change its practices to stop the anticompetitive conduct. The settlement is pending court approval as of April 30, 2026.
$700.0M
TriCity Family Services (Healthcare Provider, IL) reported a HIPAA breach affecting 2,511 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Columbia Medical Practice (Healthcare Provider, MD) reported a HIPAA breach affecting 3,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
NCH Corporation Employee Benefits Plan (Health Plan, TX) reported a HIPAA breach affecting 3,098 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
Greater St. Louis Oral & Maxillofacial Surgery PC (Healthcare Provider, MO) reported a HIPAA breach affecting 501 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 5,901 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced Phase 2 of Operation Robocall Roundup, a multistate investigation targeting four major voice service providers—Inteliquent, Bandwidth, Peerless, and Lumen—for routing suspected illegal robocalls. The Anti-Robocall Multistate Litigation Task Force sent warning letters demanding they stop transmitting such calls, following Phase 1 which already led to some providers being removed from the FCC's database. The AG emphasized that these companies have a heightened responsibility to block call traffic from known bad actors.
Attorney General William Tong announced Phase 2 of Operation Robocall Roundup, investigating four major voice providers—Inteliquent, Bandwidth, Lumen, and Peerless—for transmitting suspected illegal robocalls. The Anti-Robocall Multistate Litigation Task Force directed these companies to stop such transmissions. Phase 1 already removed 13 companies from the FCC's Robocall Mitigation Database and stopped 19 from appearing in traceback results.
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
$57K
Madison Healthcare Services (Healthcare Provider, MN) reported a HIPAA breach affecting 500 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
ConvenientMD LLC (Healthcare Provider, NH) reported a HIPAA breach affecting 1,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
West Texas Health, PLLC (Business Associate, TX) reported a HIPAA breach affecting 73,720 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Florida Attorney General James Uthmeier issued an investigative subpoena to TP-Link Systems Inc. as part of a consumer protection investigation into the company’s cybersecurity practices, supply-chain infrastructure, and handling of U.S. consumer data, including allegations of unauthorized data sharing with the Chinese Communist Party. The probe will determine if TP-Link misled customers about foreign government access to their personal data, which would violate the Florida Deceptive and Unfair Trade Practices Act, with no findings of wrongdoing yet.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
Connecticut Attorney General William Tong led a multistate coalition in sending inquiry letters to six major BNPL providers—Affirm, Afterpay, Klarna, PayPal, Sezzle, and Zip—seeking detailed information on their pricing, fees, disclosures, and consumer assessment practices to evaluate compliance with consumer protection laws, following the rescission of federal Truth in Lending Act rules for BNPL.
California Attorney General Rob Bonta co-led a coalition of 18 attorneys general in submitting a comment letter opposing the Department of Homeland Security's expansion of the Systematic Alien Verification for Entitlements (SAVE) program to include U.S.-born citizens. The coalition argues the expansion violates the Privacy Act of 1974, creates a massive surveillance database, increases data breach risks, and will lead to inaccurate verifications and denial of benefits.
FedEx Corporation Group Health Plan (Health Plan, TN) reported a HIPAA breach affecting 1,066 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Sports Medicine & Orthopaedics (Healthcare Provider, RI) reported a HIPAA breach affecting 4,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Cerenade (Business Associate, CA) reported a HIPAA breach affecting 987 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Spindletop Center (Healthcare Provider, TX) reported a HIPAA breach affecting 88,863 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond Behavioral Health Authority (Healthcare Provider, VA) reported a HIPAA breach affecting 113,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Center for Urologic Care of Berks CO (Healthcare Provider, PA) reported a HIPAA breach affecting 543 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Persante Health Care (Business Associate, NJ) reported a HIPAA breach affecting 111,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Henry Ford Health (Healthcare Provider, MI) reported a HIPAA breach affecting 1,984 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Desktop Computer.
Consumer protection case where Oregon AG Dan Rayfield led a multi-state lawsuit to block USDA guidance that unlawfully restricts SNAP eligibility for legal immigrants, arguing it contradicts federal law and could cause wrongful benefit terminations.
All data sourced from official government enforcement pages.