Seven State AGs Announce $2 Million Settlement with CafePress Over 2019 Data Breach

    Private: Amanda Doran

    On December 18, 2020, State Attorney Generals from Connecticut, Indiana, Kentucky, Michigan, New Jersey, New York, and Oregon announced a $2 million settlement with CafePress over allegations that the online retailer failed to sufficiently respond to a 2019 data breach that impacted nearly 22 million customers.

    CafePress allegedly failed to promptly detect a breach to their SQL database, which allowed an unauthorized individual to obtain customer’s personal information, and failed to initiate a full investigation until nearly 6 months after the breach. The settlement requires CafePress to implement comprehensive data security and data breach notification plans, and perform third-party security assessments biennially for the next five years.

    Read more at The National Law Review

    Need a Data Privacy, Protection, and Security expert?

    If you are in need of an expert with experience in data privacy and data security disputes, we invite you to consider DisputeSoft.