1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
New York Attorney General Letitia James secured a settlement with cryptocurrency platform Uphold HQ, Inc. for misleading investors by promoting Cred’s fraudulent CredEarn investment product as a safe, reliable savings option when it involved risky loans to uncreditworthy borrowers. Uphold will pay $5 million to harmed investors, redirect $545,189 in Cred bankruptcy proceeds to affected customers, and implement enhanced due diligence policies for third-party investment products. Uphold must also register as a broker with the Office of the Attorney General.
$5.0M
The FTC alleged that Publishing.com LLC and its principals misled consumers with unsubstantiated earnings claims about their self-publishing programs, failed to disclose material connections with testimonial writers, and imposed hidden conditions on refund requests. The company agreed to pay a $1.5 million penalty and is subject to a proposed consent order prohibiting deceptive earnings claims, misrepresentations about refunds, and undisclosed endorsements. The consent agreement is subject to a 30-day public comment period before becoming final.
$1.5M
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
California Attorney General Rob Bonta secured a second preliminary injunction from the U.S. District Court for the Northern District of California blocking the Trump Administration's demand that states turn over personal data of SNAP applicants and recipients. The court found the USDA's proposed data protocol would allow sharing of state data with entities unrelated to federal benefits administration, violating federal law.
Connecticut Attorney General William Tong secured a $5.1 million financial relief package for tenants of the Concierge Apartments in Rocky Hill following an investigation into unsafe living conditions and landlord mismanagement. The agreement provides cash payments, free rent, and utility waivers to displaced and affected tenants, with a second agreement pending to address long-term accountability and communications.
$5.1M
The California Attorney General settled with The Walt Disney Company for $2.75 million over CCPA violations. Disney's opt-out processes failed to stop the sale or sharing of consumer data across all devices and services associated with accounts, requiring consumers to navigate cumbersome methods. Disney must pay the penalty and implement comprehensive opt-out mechanisms.
$2.8M
ApolloMD Business Services, LLC (Business Associate, GA) reported a HIPAA breach affecting 626,540 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Telemarketing enforcement case where the FTC obtained a temporary restraining order against defendants who deceptively marketed limited benefit health plans as comprehensive health insurance. The scheme caused tens of millions of dollars in harm to consumers seeking health coverage. The court halted operations at the FTC's request.
Minnesota Department of Human Services (Health Plan, MN) reported a HIPAA breach affecting 303,965 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Consumer fraud case where the FTC and Florida shut down RivX for deceiving consumers with false trucking investment opportunities. The court entered an $8.39 million judgment and banned the defendants from business opportunities. This protects consumers from business opportunity scams.
$8.4M
The FTC filed a motion in federal court seeking to hold payment processor Cliq, Inc. and its operators in contempt for systematically violating a 2015 consent order. The defendants are accused of processing payments for high-risk and prohibited merchants, failing to screen for deceptive practices, and facilitating fraud avoidance tactics. The FTC is requesting at least $52.9 million in consumer relief, a permanent ban on the individuals from payment processing, and appointment of a receiver.
$52.9M
Civil rights and health enforcement action where Oregon Attorney General Dan Rayfield, joined by 11 other states, sued the U.S. Department of Health and Human Services (HHS) over a policy that conditions federal health, education, and research funding on states' agreement to discriminate
California Attorney General Rob Bonta, on behalf of a multistate coalition, filed a motion in U.S. District Court to enforce a preliminary injunction that blocks the Trump Administration from demanding personal and sensitive information about Supplemental Nutrition Assistance Program (SNAP) recipients. The Administration has renewed its demand, threatening to withhold administrative funding from states that do not comply, which the AG argues violates the existing court order and federal law protecting the confidentiality of SNAP applicant data.
Illinois Department of Human Services (Health Plan, IL) reported a HIPAA breach affecting 705,017 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
Consumer protection case where Oregon AG sued the Trump administration to prevent defunding of the CFPB, arguing it would harm consumers and state enforcement efforts. The CFPB provides critical data and complaint handling for financial consumer protection.
Consumer protection case where Hyundai and Kia settled for selling millions of vehicles without industry-standard anti-theft technology, leading to a nationwide surge in thefts and public safety risks. The settlement requires free hardware fixes for affected vehicles and restitution for consumers.
$4.5M
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 104,071 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond Behavioral Health Authority (Healthcare Provider, VA) reported a HIPAA breach affecting 113,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Persante Health Care (Business Associate, NJ) reported a HIPAA breach affecting 111,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VITAS Hospice Services, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 319,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. for violating the CCPA. The mobile gaming company failed to provide opt-out methods for the sale or sharing of personal information across its 21 apps and sold or shared data of children aged 13-16 without required affirmative consent. Jam City must now implement in-app opt-out mechanisms and obtain affirmative consent for minors' data.
$1.4M
Delta Dental of Virginia (Health Plan, VA) reported a HIPAA breach affecting 126,953 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 238,615 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Connecticut Attorney General William Tong joined a bipartisan coalition of nine states in a $7 million settlement with Greystar Management Services LLC, the largest U.S. landlord, for anticompetitive algorithmic pricing practices. Greystar shared competitively sensitive data with competitors via RealPage's algorithms and discussed pricing strategies, leading to inflated rents. The consent decree prohibits such conduct, requires monitoring if using uncertified algorithms, and bars participation in RealPage competitor meetings.
$7.0M
California Attorney General Rob Bonta announced a $7 million settlement with Greystar Management Services LLC for using RealPage's algorithmic software to illegally align rent prices with competitors by sharing confidential pricing information, violating antitrust laws. Greystar must cease using such anticompetitive algorithms, refrain from data sharing, accept monitoring, and cooperate in the ongoing case against RealPage.
$7.0M
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
Illuminate Education, Inc. suffered a data breach in 2021 due to security failures, exposing sensitive student data including medical conditions across millions of students. The company has agreed to pay $5.1 million in settlements to California, Connecticut, and New York and implement injunctive relief to strengthen data security practices.
$5.1M
New York, California, and Connecticut attorneys general reached a $5.1 million settlement with educational technology company Illuminate Education, Inc. for failing to protect student data, resulting in a 2022 breach exposing millions of students’ personal information. The investigation found Illuminate failed to implement basic security measures including data encryption, suspicious activity monitoring, and proper decommissioning of inactive user accounts, and did not delete student data when required by contracts. Illuminate must pay the penalty and implement enhanced data security measures including a comprehensive information security program, encryption of student data, and annual notice to schools about data collection and deletion options.
$5.1M
Denton MHMR Center (Healthcare Provider, TX) reported a HIPAA breach affecting 108,967 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.