August 4, 2021

Volume XI, Number 216

Advertisement

August 03, 2021

Subscribe to Latest Legal News and Analysis

August 02, 2021

Subscribe to Latest Legal News and Analysis

CafePress to Pay $2 Million in Multi-State Data Breach Settlement

On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers and/or Taxpayer Identification numbers.

Of the $2 million, $750,000 will be an immediate payment divided among the states: New Jersey, New York, Connecticut, Indiana, Kentucky, Michigan and Oregon.

According to the settlement agreement, if CafePress improves its data privacy practices, the states have agreed to suspend the balance of the settlement. Those improvements include implementing a comprehensive cybersecurity program that is updated and assessed regularly, a data breach notification plan (including preparation, detection, analysis, containment, eradication and recovery), as well as other safeguards like encryption, segmentation and penetration testing. CafePress must also update its disclosures to consumers including information on account closure and data deletion. The company must also have a third-party risk assessment for the next five years.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 358
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy
Associate

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...

401-709-3357
Advertisement
Advertisement