1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The FTC obtained a temporary restraining order against NERD Solutions Inc., ED REF Inc., and their operators Natalie Rodriguez and Pablo Ortiz, alleging they operated a deceptive student loan debt relief scheme that impersonated U.S. Department of Education officials and loan servicers to collect illegal upfront fees from consumers. The defendants are accused of violating the FTC Act, Telemarketing Sales Rule, Impersonation Rule, and Gramm-Leach-Bliley Act, having collected at least $8.8 million from affected consumers. The case is pending in the U.S. District Court for the Central District of California.
California Attorney General Rob Bonta filed a lawsuit against the U.S. Department of Education to block the expansion of IPEDS data collection requiring colleges to submit race-linked student data. The lawsuit argues the demand is arbitrary, capricious, and burdensome, and could enable costly partisan investigations. A multistate coalition co-led the challenge.
Connecticut Attorney General William Tong, joined by 17 other attorneys general, filed a lawsuit against the U.S. Department of Education to block new IPEDS data reporting requirements that demand student information disaggregated by race and sex. The coalition argues the rushed implementation is unlawful, invades student privacy, and risks unreliable data and baseless investigations. They seek an injunction to halt the data collection and protect student privacy.
New York Attorney General Letitia James, joined by 16 other states, sued the U.S. Department of Education over a new survey requiring colleges to submit extensive student data, arguing it violates the Administrative Procedure Act and threatens student privacy. The lawsuit seeks to block the mandate and prevent penalties for non-compliance.
Illinois Attorney General Kwame Raoul, joined by 16 other attorneys general, filed a lawsuit against the U.S. Department of Education to stop new data collection requirements under IPEDS that threaten student privacy by requesting sensitive personal information including income, test scores, and GPA.
Massachusetts Attorney General Andrea Campbell co-led a coalition of 17 attorneys general in filing a lawsuit against the Trump Administration to stop new data reporting requirements for colleges and universities through IPEDS. The requirements demand detailed student data disaggregated by race and sex, retroactive for seven years, which the coalition argues jeopardizes student privacy and could lead to baseless investigations.
Connecticut Attorney General William Tong joined a coalition of 17 attorneys general in filing a lawsuit against the U.S. Department of Education to stop new data reporting requirements under IPEDS that demand detailed student information. The coalition argues the requirements are unlawful, arbitrary, and jeopardize student privacy by requesting in-depth data that could lead to inadvertent errors and baseless investigations. The lawsuit seeks an injunction to block the implementation of these requirements.
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
Connecticut Attorney General William Tong joined 18 other attorneys general in filing a comment letter opposing a U.S. Department of Education proposal to expand data collection on race, admissions, and student performance from colleges and universities. The coalition argues the proposal is unreasonably burdensome, unlikely to yield quality data, and could be misused to target lawful diversity, equity, and inclusion initiatives, raising student privacy concerns.
California Attorney General Rob Bonta led a coalition of 18 attorneys general in submitting a comment letter opposing the U.S. Department of Education's proposal to collect extensive student data on race, admissions, and financial aid. The coalition argues the data collection is burdensome, unlikely to yield quality data, and may be misused to target lawful diversity, equity, and inclusion efforts.
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
Marymount Manhattan College suffered a data breach in 2021 affecting 99,097 New Yorkers. The New York Attorney General found that MMC failed to secure its network infrastructure and update security policies. As part of the agreement, MMC must invest $3.5 million over six years to improve data encryption, enable multi-factor authentication, and implement other security measures.
The FTC finalized an order against Chegg Inc. for failing to secure student data, leading to breaches that exposed personal information of about 40 million users and employees. Chegg must implement a comprehensive security program, limit data collection, offer multifactor authentication, and allow data access and deletion.
All data sourced from official government enforcement pages.