1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Texas Attorney General Ken Paxton initiated an investigation into Drone Nerds, LLC over its partnership with CCP-affiliated Anzu Robotics, which markets drones with concealed surveillance capabilities and unauthorized data collection risks. Drone Nerds is accused of deceiving Texas consumers by misrepresenting Anzu’s ties to China and falsely claiming the drones are U.S.-based with secure privacy practices. The investigation is being conducted under the Texas Deceptive Trade Practices Act, with a Civil Investigative Demand issued to gather evidence of consumer deception and privacy violations.
The FTC settled charges with data broker Kochava, Inc. and its subsidiary Collective Data Solutions (CDS) over allegations that they sold precise location data from hundreds of millions of mobile devices without consumer consent, enabling tracking of visits to sensitive locations like reproductive health clinics and places of worship. The settlement prohibits the companies from selling or sharing sensitive location data without affirmative express consumer consent, and imposes compliance requirements including a sensitive location data program, supplier consent assessments, incident reporting, and data retention schedules. No monetary penalty was imposed.
The FTC settled with Humor Rainbow, Inc. (operator of OkCupid) and Match Group Americas over allegations that OkCupid deceived users by sharing personal data including photos and location information with an unauthorized third party, contrary to its privacy policy promises to inform users and provide opt-out opportunities. The settlement permanently prohibits the companies from misrepresenting their data collection, use, disclosure, and privacy control practices. No monetary penalty was imposed.
Privacy enforcement action where Oregon AG and a coalition of 16 other states sue the Trump Administration to stop the Department of Education's new IPEDS data reporting requirements, arguing they jeopardize student privacy, lack proper definitions, and risk data errors and identification.
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
Attorney General Raoul secured a court order preventing the U.S. Department of Agriculture from collecting SNAP applicants' and recipients' personal data without an agreed-upon protocol that restricts sharing with unrelated entities like the Department of Homeland Security. The court found that the USDA's proposed protocol would violate federal law by allowing data use for immigration enforcement, contrary to the intended purpose of SNAP.
Massachusetts Attorney General Andrea Campbell secured a preliminary injunction from the U.S. District Court blocking the Trump Administration's USDA from cutting off SNAP funding to states that refuse to turn over personal data of SNAP applicants and recipients. The court found USDA's proposed data protocol unlawful because it allowed sharing data with entities unrelated to federal benefits administration.
California Attorney General Rob Bonta secured a second preliminary injunction from the U.S. District Court for the Northern District of California blocking the Trump Administration's demand that states turn over personal data of SNAP applicants and recipients. The court found the USDA's proposed data protocol would allow sharing of state data with entities unrelated to federal benefits administration, violating federal law.
Commonwealth Care Alliance (Health Plan, MA) reported a HIPAA breach affecting 634 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Weill Cornell Medicine (Healthcare Provider, NY) reported a HIPAA breach affecting 516 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record.
Texas Attorney General Ken Paxton filed a lawsuit against Shein US Services LLC for selling toxic products and exposing consumers' personal data to the Chinese Communist Party. The lawsuit seeks monetary penalties under the Texas Deceptive Trade Practices Act. This action is part of a broader effort to protect Texans from health risks and CCP influence.
Texas Attorney General Ken Paxton filed a lawsuit against PDD Holdings, Inc. and WhaleCo Inc., doing business as Temu, for deceptive marketing and unlawful covert harvesting of Texans’ personal data that was exposed to the Chinese Communist Party. The suit alleges Temu functions as a 'trojan horse' e-commerce app that bypasses security protocols to create a backdoor into users’ private data, which is stored on servers in China. The lawsuit seeks monetary relief under the Texas Deceptive Trade Practices Act, including up to $10,000 per violation and up to $250,000 per violation targeting consumers aged 65 or older.
Texas Attorney General Ken Paxton filed a lawsuit against Temu (PDD Holdings, Inc. and WhaleCo Inc.) for deceptive marketing practices and illegally harvesting Texans' personal data, which was then exposed to the Chinese Communist Party. The suit seeks monetary damages under the Texas Deceptive Trade Practices Act, with potential penalties of up to $10,000 per violation and higher for seniors. This is part of a broader effort to hold CCP-aligned companies accountable.
Texas Attorney General Ken Paxton filed a lawsuit against TP-Link Systems Inc. for deceptively marketing its networking devices and enabling the Chinese Communist Party to access American consumers' devices. The lawsuit alleges that TP Link's products have been used by PRC state-sponsored hackers and that the company is subject to Chinese laws requiring data disclosure. This is part of a coordinated effort to hold China-aligned companies accountable under Texas law.
Communications Workers of America Local 1180 Security Benefits Fund (Health Plan, NY) reported a HIPAA breach affecting 18,550 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Electronic Medical Record, Other.
The FTC issued warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans' Data from Foreign Adversaries Act (PADFAA), which bans the sale or disclosure of sensitive personal data to foreign adversaries like China, Russia, Iran, and North Korea. The letters cite instances where recipients offered data on Armed Forces members, which is protected under PADFAA. Non-compliance could result in civil penalties up to $53,088 per violation.
The Federal Trade Commission (FTC) sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). PADFAA prohibits data brokers from selling or providing sensitive personal data about Americans to foreign adversaries such as China, Russia, Iran, and North Korea. The letters warn that violations could result in civil penalties of up to $53,088 per violation and urge companies to review their business practices for compliance.
The Florida Attorney General's Office launched the CHINA Prevention Unit and issued a subpoena to Shein for deceptive trade practices and data privacy violations. The unit focuses on combating threats from foreign adversaries like the Chinese Communist Party to consumer data and economic security. This action is part of broader efforts to audit and hold accountable companies with ties to China.
Lincoln National Corporation d/b/a/ Lincoln Financial (Health Plan, IN) reported a HIPAA breach affecting 998 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
Health and Hospital Corporation of Marion County (Healthcare Provider, IN) reported a HIPAA breach affecting 792 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Email, Laptop.
A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.
Minnesota Department of Human Services (Health Plan, MN) reported a HIPAA breach affecting 303,965 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
California Attorney General Rob Bonta, alongside attorneys general from New York, Colorado, Illinois, and Minnesota, filed a motion for preliminary injunction to continue blocking the Trump Administration's unlawful freeze of $10 billion in federal funding for child care and family assistance programs and to prevent broad data requests for personally identifiable information of millions of residents. The funding freeze targets five Democratic-led states without evidence of fraud, and the data requests are part of the challenged unlawful actions. A temporary restraining order was previously granted blocking these measures.
Privacy enforcement action where the FTC settled with General Motors and OnStar for collecting and selling consumers' geolocation and driving behavior data without adequate notice or consent. The order prohibits sharing data with consumer reporting agencies and requires transparency and consumer choice measures.
TMG Health, Inc. (Business Associate, TX) reported a HIPAA breach affecting 2,076 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
California Attorney General Rob Bonta, on behalf of a multistate coalition, filed a motion in U.S. District Court to enforce a preliminary injunction that blocks the Trump Administration from demanding personal and sensitive information about Supplemental Nutrition Assistance Program (SNAP) recipients. The Administration has renewed its demand, threatening to withhold administrative funding from states that do not comply, which the AG argues violates the existing court order and federal law protecting the confidentiality of SNAP applicant data.
Illinois Department of Human Services (Health Plan, IL) reported a HIPAA breach affecting 705,017 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
Massachusetts Attorney General Andrea Campbell filed a motion to enforce a preliminary injunction against the Trump Administration's demands for personal data of SNAP recipients. The court previously blocked such demands, but the administration renewed its request, threatening to withhold funding. The AG seeks to ensure compliance with federal privacy laws and protect SNAP recipients' sensitive information.
Exact Sciences Laboratories LLC (Healthcare Provider, WI) reported a HIPAA breach affecting 2,658 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Paper/Films.
CareOregon (Health Plan, OR) reported a HIPAA breach affecting 5,473 individuals. Breach type: Unauthorized Access/Disclosure. Location of breached information: Network Server.
All data sourced from official government enforcement pages.