1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Communications Workers of America Local 1180 Security Benefits Fund (Health Plan, NY) reported a HIPAA breach affecting 18,550 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
Health & Palliative Services of the Treasure Coast, Inc d/b/a Treasure Coast Hospice (“Treasure Health ”) (Healthcare Provider, FL) reported a HIPAA breach affecting 13,230 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
North Shore University Hospital Sleep Disorders Center (Healthcare Provider, NY) reported a HIPAA breach affecting 13,332 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Blue Cross and Blue Shield of Texas (Health Plan, IL) reported a HIPAA breach affecting 12,086 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Other.
Gardner Health Services (Healthcare Provider, CA) reported a HIPAA breach affecting 26,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
The California Privacy Protection Agency settled with American Honda Motor Co. for CCPA violations, including making it difficult for consumers to opt-out of data sharing, using dark patterns in its privacy tool, hindering authorized agent requests, and sharing data with ad tech companies without proper contracts. Honda must pay a $632,500 fine, implement new processes for privacy requests, certify compliance, train employees, and ensure appropriate data sharing contracts.
$633K
Total Medical Imaging (Healthcare Provider, FL) reported a HIPAA breach affecting 27,000 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Restorix Health, Inc. (Business Associate, LA) reported a HIPAA breach affecting 38,553 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email.
Mental Health Association Inc. (Healthcare Provider, MA) reported a HIPAA breach affecting 12,633 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Alpine Ears, Nose & Throat, P.L.L.C. (Healthcare Provider, CO) reported a HIPAA breach affecting 65,648 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
AuthoraCare Collective (Healthcare Provider, NC) reported a HIPAA breach affecting 57,944 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Contents Trader, Inc. (Healthcare Provider, TX) reported a HIPAA breach affecting 27,329 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Pemiscot Memorial Health System (Healthcare Provider, MO) reported a HIPAA breach affecting 33,279 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Tilting Point Media LLC illegally collected and shared children's personal data in its mobile app game 'SpongeBob: Krusty Cook-Off' without parental consent, violating COPPA and CCPA. The settlement imposes a $500,000 civil penalty and injunctive terms to ensure compliance with children's data privacy laws.
$500K
Insurance ACE/Humana Inc. (Health Plan, KY) reported a HIPAA breach affecting 15,003 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Strive Holdco, LLC (Healthcare Provider, TX) reported a HIPAA breach affecting 51,477 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
College Board licensed student data to third parties and used it for marketing without proper consent, violating New York law. The settlement requires College Board to pay $750,000 and prohibits future commercial use of student data from school-administered exams.
$750K
Connecticut, Oregon, and the District of Columbia reached a $100,000 settlement with Easy Healthcare Corporation, the operator of the Premom ovulation tracking app, for sharing sensitive user health and location data with third parties without appropriate disclosures or user consent. The settlement requires the company to implement comprehensive privacy and security programs, obtain consent before sharing health or location data, and provide users with a method to delete their personal information.
$100K
The FTC charged Easy Healthcare Corporation, operator of the Premom fertility app, with deceiving users by sharing their sensitive health data with third parties for advertising without consent and failing to notify breaches as required by the Health Breach Notification Rule. Under a proposed consent decree, the company will pay a $100,000 civil penalty, be barred from sharing health data for advertising, and must implement privacy and security measures.
$100K
VIZIO and Inscape settled allegations that they collected viewing data from Smart TVs without adequate disclosure and consent, selling it to third parties. They agreed to pay $1 million to New Jersey, destroy collected data, and implement privacy measures including obtaining consumer consent and establishing a privacy program.
$1.0M
Dataium settled allegations that it used history sniffing to track consumers' online browsing without consent and sold personal data of 400,000 consumers to a data broker without notice. The settlement imposes a $400,000 monetary penalty, requires a privacy program, and mandates transparency and opt-out mechanisms.
$400K
All data sourced from official government enforcement pages.