1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
The FTC settled with Disney for violating the COPPA Rule by mislabeling videos on YouTube, which allowed the collection of children's personal data without parental consent. Disney must pay a $10 million civil penalty and implement measures to ensure proper video labeling and compliance with COPPA.
$10.0M
Connecticut Attorney General secured a $1 million multistate settlement with TFG Holding, Inc. for deceptive VIP membership program marketing and billing practices. The company must improve disclosures, obtain explicit consent, provide easy cancellation, and offer restitution to affected consumers.
$1.0M
The California Privacy Protection Agency (CPPA) settled with Tractor Supply Company for $1.35 million over violations of the California Consumer Privacy Act (CCPA). The violations included failing to maintain a proper privacy policy, not notifying job applicants of their rights, lacking an effective opt-out mechanism, and sharing personal information without adequate contracts. Tractor Supply must pay the fine and implement remedial measures such as scanning digital properties and annual compliance certification.
$1.4M
The FTC and 19 states settled with Kars-R-Us.com, Inc. and its operators for deceptive charity fundraising claims, where only 0.28% of over $45 million raised was used for breast cancer screenings. Operators face permanent fundraising bans and a $3.88 million monetary judgment.
$3.9M
Massachusetts Attorney General settled with Earnest Operations LLC for $2.5 million over allegations that the student loan lender's use of AI underwriting models led to disparate impact on Black, Hispanic, and non-citizen applicants. The company failed to test its AI models for bias, used discriminatory variables like Cohort Default Rate, and sent inaccurate adverse action notices. Earnest must pay the fine, discontinue problematic practices, and implement compliance measures.
$2.5M
Connecticut Attorney General William Tong announced a $5 million preliminary settlement with Stone Academy and its owners for unfair and deceptive conduct. The for-profit nursing school failed to deliver promised education, lacking textbooks, experienced teachers, and clinical training, and abruptly closed in February 2023. The settlement provides cash payments to harmed students, bars the owner from higher education employment for five years, and includes measures to help students complete their education.
$5.0M
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
The Connecticut Attorney General obtained a $5 million stipulated judgment against Vision Solar for alleged deceptive sales practices, including high-pressure tactics, misrepresentations, and performing unpermitted work. Although the company is bankrupt and cannot pay, the judgment establishes binding operational standards for solar companies in Connecticut regarding disclosures, contracting, permitting, and use of licensed contractors.
$5.0M
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
Connecticut Attorney General William Tong filed a lawsuit against Altice for charging unlawful 'Network Enhancement Fees' and failing to adequately disclose internet speed limits. The complaint seeks to stop the fees, recover millions for consumers, and address deceptive marketing practices including language barriers.
The FTC settled with telehealth firm Cerebral, Inc. for sharing sensitive consumer mental health data with third parties like LinkedIn, Snapchat, and TikTok for advertising without proper consent, employing sloppy security practices, and misleading consumers about cancellation policies. Cerebral must pay over $7 million (with $2 million due upfront), is permanently banned from using health information for most advertising, must implement a comprehensive privacy program, delete unnecessary data, and provide easy cancellation.
$7.0M
Connecticut Attorney General William Tong expanded the complaint against Stone Academy, alleging its owners siphoned millions for personal luxury while students were denied promised education and clinical training. Revenues surged during the pandemic, but exam pass rates fell and students lacked textbooks and qualified teachers. The AG seeks civil penalties, restitution, and a receiver to protect assets for student relief.
The FTC settled with background report providers TruthFinder and Instant Checkmate, charging they deceived consumers about the accuracy of their reports (often mischaracterizing traffic tickets as criminal records) and violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies without following its requirements, including ensuring accuracy and limiting permissible purposes. The companies will pay a $5.8 million penalty and implement a comprehensive FCRA compliance monitoring program.
$5.8M
The FTC charged Ring LLC with allowing employees to access private customer videos without consent and failing to secure user accounts, leading to hackers controlling cameras. Under a proposed consent order, Ring must pay $5.8 million in refunds, delete unlawfully accessed data, and implement a privacy and security program.
$5.8M
The FTC settled with GoodRx for sharing consumers' sensitive prescription and health information with Facebook, Google, and other third parties for advertising without consent, and for failing to report these unauthorized disclosures as required by the Health Breach Notification Rule. GoodRx will pay a $1.5 million civil penalty and is permanently barred from sharing user health data for advertising.
$1.5M
California Attorney General Rob Bonta announced a settlement with Sephora, Inc. for $1.2 million over violations of the California Consumer Privacy Act. Sephora failed to disclose that it sold consumer personal information and did not process opt-out requests via Global Privacy Control. The settlement requires Sephora to pay penalties and implement compliance measures including policy changes and reporting.
$1.2M
Connecticut Attorney General and Consumer Counsel announced a $3 million settlement with electric supplier Public Power for failing to publish required 'next cycle rate' information, which denied consumers the opportunity to switch suppliers to avoid rate increases. As part of the settlement, Public Power and its sister companies must permanently exit the Connecticut market, and the funds will be used to pay down unpaid electric bills for hardship customers.
$3.0M
Connecticut Attorney General filed a $5 million stipulation judgment against Safe Home Security for repeated non-compliance with court-ordered consumer protection measures, including blocking contract terminations and misrepresenting terms. The judgment requires immediate payment of $1 million and suspends $4 million pending compliance, with an independent monitor for five years.
$5.0M
The Connecticut Attorney General announced an enforcement action against Associated Community Services for operating a massive telefunding scheme that bombarded 67 million consumers with 1.3 billion deceptive fundraising calls, fraudulently collecting over $110 million. The action resulted in hundreds of millions of dollars in fines and a permanent prohibition from fundraising, forcing the sale of assets purchased with illegal proceeds.
The FTC settled with Kuuhuub Inc., operator of the Recolor coloring book app, for violating COPPA by collecting personal information from children under 13 without parental consent. The app's social media features allowed children to register and share data, and third-party ad networks collected persistent identifiers for targeted ads. The settlement requires deletion of children's data, refunds to underage subscribers, a $3 million penalty (suspended upon $100,000 payment), and user notifications about the violations.
$3.0M
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
Wells Fargo Bank recorded consumer phone calls without providing timely notice as required by California law, violating privacy statutes. The settlement imposes a $7.616 million civil penalty, requires compliance with disclosure standards, and mandates an internal compliance program to protect consumer privacy.
$7.6M
All data sourced from official government enforcement pages.