Enforcement Articles

The CFPB published a report showing that the rate of auto repossessions at the end of 2022 surpassed pre-pandemic levels.

The CFPB took action against Equifax, the nationwide consumer reporting agency, for its failure to conduct proper investigations of consumer disputes.

The CFPB took action against Draper & Kramer Mortgage Corporation for discriminatory mortgage lending activities that discouraged homebuyers from applying to Draper for homes in majority-Black and Hispanic neighborhoods in the greater Chicago and Boston areas.

The Bureau is adjusting for inflation the maximum amount of each civil penalty within the Bureau’s jurisdiction.

Also: Coinbase's Agentic AI Wallets, $1M Fraud Indictment This week, Paxful's $4M AML penalty, Coinbase's agentic AI wallets, a $1M fraud indictment, a 20-year $200M Ponzi sentence, laundering from the $200M Mixin hack, a Binance France home invasion attempt, insider betting charges in Israel and lost seized bitcoin in South Korea.

Will the Back-Office Services' Firm Incident Shatter US Data Breach Records? The Texas attorney general office has launched an investigation into the Conduent Business Services hacking incident, which affected about 15.5 million Texans, including about 4 million Blue Cross Blue Shield of Texas members. Will the nationwide victim tally shatter data breach records in the U.S.?

Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000 Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees.

Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.

Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.

Ransomware Gang Money Message Claimed It Exfiltrated 4.7TB of Firm's Data Pharmacy services firm PharMerica will pay at least $5.27 million - plus millions more on enhancing its security - as part of a preliminary class action settlement approved this week by a federal court involving a 2023 data theft incident the company reported as affecting 5.8 million individuals.

2023 Incident Affected More Than 650,000 Patients, Employees An upstate New York orthopedic practice has agreed to pay state regulators a $500,000 settlement and implement stronger security practices following a 2023 hack involving the theft of 650,000 individuals' sensitive information. Cybercrime group INC Ransom reportedly claimed credit for the incident.

The Michigan Department of Insurance and Financial Services liquidated Craftsman Credit Union of Detroit and appointed the National Credit Union Administration as liquidating agent.

The Ohio Division of Financial Institutions has liquidated the Taupa Lithuanian Credit Union of Cleveland, Ohio, and appointed the National Credit Union Administration as liquidating agent.