1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.
$6.5M
New York Attorney General Letitia James secured a $5 million settlement from cryptocurrency platform Uphold HQ, Inc. for promoting Cred’s fraudulent CredEarn investment product as safe and reliable, when Cred was making risky loans to uncreditworthy borrowers in China. Uphold also falsely claimed Cred had comprehensive insurance and promoted the product without registering as a broker or commodity broker-dealer under New York law. As part of the settlement, Uphold will pay $5 million to harmed investors, remit $545,189 from Cred’s bankruptcy to customers, improve due diligence policies for third-party products, and register as a broker with the OAG.
$5.0M
The Virginia Attorney General issued a consumer warning about predatory practices by tax debt settlement companies, referencing a past successful enforcement action against Wall & Associates, Inc. and CEO P. Mark Yates for violating the Virginia Consumer Protection Act. The Fauquier County Circuit Court ordered the company and CEO to pay over $1.6 million in civil penalties, with additional restitution to consumers pending determination.
$1.7M
The FTC alleged that Publishing.com LLC and its principals misled consumers with unsubstantiated earnings claims about their self-publishing programs, failed to disclose material connections with testimonial writers, and imposed hidden conditions on refund requests. The company agreed to pay a $1.5 million penalty and is subject to a proposed consent order prohibiting deceptive earnings claims, misrepresentations about refunds, and undisclosed endorsements. The consent agreement is subject to a 30-day public comment period before becoming final.
$1.5M
The FTC settled charges with StubHub Holdings, Inc. for violating the FTC Act and the FTC’s Rule on Unfair or Deceptive Fees by failing to disclose total ticket prices including all mandatory fees up-front on its website. StubHub will pay $10 million, which will be used to provide refunds to eligible consumers who purchased live event tickets between May 12 and 14, 2025. The stipulated final order also prohibits StubHub from misrepresenting pricing, fees, or material transaction facts, and requires full compliance with the Fees Rule’s disclosure requirements.
$10.0M
New Jersey Attorney General Jennifer Davenport announced a multistate settlement with NCL Bahamas, Ltd. (Norwegian Cruise Line) resolving allegations of deceptive sales practices and unfair cancellation, refund, and future cruise credit policies during the COVID-19 pandemic. The settlement requires NCL to pay $2 million to participating states, implement employee training and management approval processes for sales communications during disasters, and prohibits deceptive sales statements and prioritizing sales over consumer health and safety. NCL has already issued over $3 billion in refunds and future cruise credits to consumers nationwide related to the underlying allegations.
$2.0M
The FTC and Maryland Attorney General announced a settlement with Lindsay Automotive Group resolving allegations of deceptive pricing practices, including advertising falsely low car prices and charging unwanted add-ons, costing consumers over $75 million. Lindsay will provide over $75 million in refunds to eligible consumers and pay a $3.1 million civil penalty to Maryland. The settlement also prohibits deceptive advertising practices and requires clear disclosure of total vehicle prices and express consumer consent for charges.
$3.1M
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
California Attorney General Rob Bonta secured a second preliminary injunction from the U.S. District Court for the Northern District of California blocking the Trump Administration's demand that states turn over personal data of SNAP applicants and recipients. The court found the USDA's proposed data protocol would allow sharing of state data with entities unrelated to federal benefits administration, violating federal law.
Connecticut Attorney General William Tong secured a $5.1 million financial relief package for tenants of the Concierge Apartments in Rocky Hill following an investigation into unsafe living conditions and landlord mismanagement. The agreement provides cash payments, free rent, and utility waivers to displaced and affected tenants, with a second agreement pending to address long-term accountability and communications.
$5.1M
California Attorney General Rob Bonta announced a $2.75 million settlement with The Walt Disney Company, the largest CCPA settlement in state history, resolving allegations that Disney violated the CCPA by failing to fully honor consumers’ opt-out requests for the sale or sharing of their personal data across all devices and streaming services linked to their accounts. Disney’s opt-out methods, including in-app toggles, webforms, and Global Privacy Control implementation, had gaps that allowed continued data sale or sharing even after consumers opted out. Under the settlement, Disney must pay the civil penalty and implement comprehensive opt-out methods that fully cease all sale or sharing of consumer data upon request.
$2.8M
ApolloMD Business Services, LLC (Business Associate, GA) reported a HIPAA breach affecting 626,540 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Telemarketing enforcement case where the FTC obtained a temporary restraining order against defendants who deceptively marketed limited benefit health plans as comprehensive health insurance. The scheme caused tens of millions of dollars in harm to consumers seeking health coverage. The court halted operations at the FTC's request.
Minnesota Department of Human Services (Health Plan, MN) reported a HIPAA breach affecting 303,965 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Consumer fraud case where the FTC and Florida shut down RivX for deceiving consumers with false trucking investment opportunities. The court entered an $8.39 million judgment and banned the defendants from business opportunities. This protects consumers from business opportunity scams.
$8.4M
The FTC filed a motion in federal court seeking to hold payment processor Cliq, Inc. and its operators in contempt for systematically violating a 2015 consent order. The defendants are accused of processing payments for high-risk and prohibited merchants, failing to screen for deceptive practices, and facilitating fraud avoidance tactics. The FTC is requesting at least $52.9 million in consumer relief, a permanent ban on the individuals from payment processing, and appointment of a receiver.
$52.9M
Civil rights and health enforcement action where Oregon Attorney General Dan Rayfield, joined by 11 other states, sued the U.S. Department of Health and Human Services (HHS) over a policy that conditions federal health, education, and research funding on states' agreement to discriminate
California Attorney General Rob Bonta, on behalf of a multistate coalition, filed a motion in U.S. District Court to enforce a preliminary injunction that blocks the Trump Administration from demanding personal and sensitive information about Supplemental Nutrition Assistance Program (SNAP) recipients. The Administration has renewed its demand, threatening to withhold administrative funding from states that do not comply, which the AG argues violates the existing court order and federal law protecting the confidentiality of SNAP applicant data.
Illinois Department of Human Services (Health Plan, IL) reported a HIPAA breach affecting 705,017 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
Consumer protection case where Oregon AG sued the Trump administration to prevent defunding of the CFPB, arguing it would harm consumers and state enforcement efforts. The CFPB provides critical data and complaint handling for financial consumer protection.
New Jersey Attorney General Matthew Platkin announced a multistate settlement with Hyundai and Kia over the sale of millions of U.S. vehicles lacking industry-standard anti-theft engine immobilizer technology, which contributed to a surge in auto thefts. The settlement requires the manufacturers to equip all future U.S.-sold vehicles with immobilizers, offer free ignition cylinder protectors to eligible owners, provide up to $4.5 million in consumer restitution for theft damage, and pay $4.5 million to the coalition states. The 36-state coalition is led by Connecticut, Minnesota, and New Hampshire, with New Jersey as a co-lead.
$4.5M
Consumer protection case where Hyundai and Kia settled for selling millions of vehicles without industry-standard anti-theft technology, leading to a nationwide surge in thefts and public safety risks. The settlement requires free hardware fixes for affected vehicles and restitution for consumers.
$4.5M
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 104,071 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Richmond Behavioral Health Authority (Healthcare Provider, VA) reported a HIPAA breach affecting 113,232 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Persante Health Care (Business Associate, NJ) reported a HIPAA breach affecting 111,815 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
VITAS Hospice Services, LLC (Healthcare Provider, FL) reported a HIPAA breach affecting 319,177 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
California Attorney General Rob Bonta announced a $1.4 million settlement with mobile gaming company Jam City, Inc. for violating the CCPA by failing to provide consumers with compliant methods to opt out of the sale or sharing of their personal information across its 21 mobile apps. The settlement also resolves allegations that Jam City sold or shared personal data of users aged 13 to 16 without the required affirmative opt-in consent. In addition to the civil penalty, Jam City must implement in-app opt-out methods and obtain opt-in consent for minor users' data sales and sharing.
$1.4M
Delta Dental of Virginia (Health Plan, VA) reported a HIPAA breach affecting 126,953 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Fieldtex Products, Inc. (Business Associate, NY) reported a HIPAA breach affecting 238,615 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.