All Enforcement Actions
-
British Airways — GDPR Data Breach Fine (£20M)
The ICO issued British Airways a £20 million fine following a 2018 data breach affecting approximately 400,000 customers. Attackers harvested customer and staff data including logi…
-
Marriott International — GDPR Fine (£18.4M)
The ICO fined Marriott International £18.4 million following a data breach that began in 2014 and ran through 2018. The breach originated in the reservation systems of Starwood Hot…
-
Meta (Facebook) — GDPR Fine for EU-US Data Transfers (€1.2B)
Ireland's Data Protection Commission (DPC), acting as lead supervisory authority, fined Meta Platforms €1.2 billion for transferring personal data of Facebook users from the EU/EEA…
-
Advocate Aurora Health — Tracking Pixel HIPAA Settlement ($3M)
HHS OCR reached a $3 million settlement with Advocate Aurora Health, an Illinois-based healthcare system, for HIPAA violations related to the use of tracking technologies on their …
-
Banner Health — Network Segmentation Failure HIPAA Settlement ($1.25M)
HHS OCR settled with Banner Health for $1.25 million following a 2016 data breach affecting approximately 2.9 million individuals. Attackers gained access to Banner Health's paymen…
-
Lafourche Medical Group — No Risk Analysis HIPAA Penalty ($480K)
HHS OCR imposed a $480,226 civil money penalty on Lafourche Medical Group for failure to conduct a HIPAA risk analysis. A phishing attack resulted in unauthorized access to an empl…
-
Twitter/X — Repurposing Security Data for Ads FTC Settlement ($150M)
The FTC and DOJ reached a $150 million penalty settlement with Twitter for violating a 2011 FTC order and deceiving users about how their phone numbers and email addresses collecte…
-
Amazon Ring — Employee Surveillance FTC Settlement ($5.8M)
The FTC settled with Ring LLC (an Amazon subsidiary) for $5.8 million and a comprehensive order following allegations that Ring allowed employees and contractors to access customer…