1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
New Jersey Attorney General Jennifer Davenport and the Division of Consumer Affairs announced a Consent Order with King Distribution LLC and 17 related retail smoke shops, resolving allegations that the companies illegally sold flavored vapor products in violation of New Jersey’s consumer protection laws. The Consent Order imposes a $100,000 civil penalty, requires reimbursement of $22,279 in investigation costs, and prohibits the companies from selling or distributing flavored vapor products in New Jersey. The enforcement action is part of New Jersey’s ongoing efforts to protect youth from flavored vape products, which have been permanently banned in the state since January 2020.
$100K
Connecticut Attorney General William Tong announced a settlement with international trade platform Made-in-China to cease all U.S. sales of unlawful 'research grade' GLP-1 weight loss drugs following an investigation into direct sales to consumers without prescriptions or medical oversight. The settlement prohibits the platform from hosting GLP-1 sales to U.S. customers, requires a monitoring system to remove non-compliant listings, and imposes a $300,000 penalty suspended after an initial $30,000 payment. Additional settlements were announced with Radiance Medspa and Advanced Medical Weight Loss over compounded non-FDA approved GLP-1 drugs.
$300K
The FTC announced three separate settlements with companies making false 'Made in USA' claims: TouchTunes (electronic dartboards, $625k consumer redress), Americana Liberty and related parties (flags and flagpoles, $167,743 redress), and Oak Street Bootmakers (footwear, $75k redress). The companies violated the FTC Act, Made in USA Labeling Rule, and for Americana Liberty, the Textile Act and Rules, by making unqualified origin claims for products with significant imported components or wholly imported from China. Each settlement prohibits future misrepresentations of U.S. origin and requires consumer notices.
$868K
The FTC alleged that Vanilla Chip LLC (d/b/a TruHeight) deceptively advertised height-enhancing supplements for children and teens without competent scientific evidence, and used fake employee-written and incentivized 5-star reviews. The proposed settlement requires TruHeight and its principals to pay $750,000, bars false health claims, and prohibits misleading review practices. A $4 million total judgment is partially suspended due to the respondents' inability to pay the full amount.
$750K
The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.
$100K
The California Privacy Protection Agency (CalPrivacy) settled with Ford Motor Company requiring the company to pay a $375,703 fine and change its practices. Ford violated the CCPA by requiring consumers to complete an email verification step before they could opt-out of the sale and sharing of their personal information collected through digital properties and connected vehicle services. In addition to the fine, Ford must provide easy methods to submit opt-out requests with minimal steps, audit its tracking technologies, and ensure compliance with opt-out preference signals including Global Privacy Control.
$376K
The California Privacy Protection Agency settled with Ford Motor Company for $375,703 after finding that Ford violated the CCPA by requiring email verification for opt-out requests, creating unnecessary friction. Ford must implement easier opt-out methods, conduct a website audit, and comply with global privacy controls.
$376K
Manhattan Retirement Foundation d/b/a Meadowlark Hills (Healthcare Provider, KS) reported a HIPAA breach affecting 14,442 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group (Business Associate, WA) reported a HIPAA breach affecting 11,795 individuals. Breach type: Hacking/IT Incident. Location of breached information: Electronic Medical Record.
Emanuel Medical Center (Healthcare Provider, GA) reported a HIPAA breach affecting 28,963 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
National Association on Drug Abuse Problems (Healthcare Provider, NY) reported a HIPAA breach affecting 90,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Academic Urology & Urogynecology of Arizona (Healthcare Provider, AZ) reported a HIPAA breach affecting 73,281 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Communications Workers of America Local 1180 Security Benefits Fund (Health Plan, NY) reported a HIPAA breach affecting 18,550 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
Cedar Point Health, LLC (Healthcare Provider, CO) reported a HIPAA breach affecting 23,114 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Wendy Foster OD (Healthcare Provider, KS) reported a HIPAA breach affecting 20,000 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Counseling Center of Wayne & Holmes Counties (Healthcare Provider, OH) reported a HIPAA breach affecting 83,354 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Triad Radiology Associates (Healthcare Provider, NC) reported a HIPAA breach affecting 11,011 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
WIRX Pharmacy (Healthcare Provider, PA) reported a HIPAA breach affecting 20,047 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
EyeCare Partners, LLC, including The Ophthalmology Group, Ophthalmology Consultants, and Ophthalmology Associates. (Healthcare Provider, MO) reported a HIPAA breach affecting 17,110 individuals. Breach type: Hacking/IT Incident. Location of breached information: Email.
Wakefield & Associates, LLC (Business Associate, TN) reported a HIPAA breach affecting 31,751 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
$515K
Clinic Service Corporation (Business Associate, CO) reported a HIPAA breach affecting 82,331 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Massachusetts Attorney General secured a $515,000 settlement with Comstar, LLC for a March 2022 data breach that exposed sensitive patient information of over 326,000 Massachusetts residents. Comstar violated Massachusetts Data Security regulations and HIPAA by failing to maintain adequate security measures. The settlement includes monetary payment and mandated security improvements.
$515K
Pecan Tree Dental, PLLC (Healthcare Provider, TX) reported a HIPAA breach affecting 13,300 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Jefferson-Blount-St. Clair Mental Health Authority (Healthcare Provider, AL) reported a HIPAA breach affecting 30,434 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
360 Dental PC (Healthcare Provider, PA) reported a HIPAA breach affecting 11,273 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
New Jersey Attorney General Matthew Platkin announced a settlement with Apple Inc. over allegations of widespread merchandise pricing violations at 11 Apple stores statewide, including failure to display required pricing information and refund policies. Apple agreed to pay a $150,000 civil penalty, the largest-ever under New Jersey's Merchandise Pricing Act, and implement revised business practices to ensure clear pricing and refund policy disclosures. The settlement resolves violations of the New Jersey Consumer Fraud Act and the 2017 consent order previously entered into by Apple.
$150K
Avosina Healthcare Solutions (Business Associate, VA) reported a HIPAA breach affecting 44,425 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Central Ozarks Medical Center (Healthcare Provider, MO) reported a HIPAA breach affecting 11,818 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
Mid Michigan Medical Billing Service, Inc. (Business Associate, MI) reported a HIPAA breach affecting 28,185 individuals. Breach type: Hacking/IT Incident. Location of breached information: Network Server.
All data sourced from official government enforcement pages.