CafePress was responsible for a 2019 data breach that compromised the personal information of 22 million consumers. | stock photo
CafePress was responsible for a 2019 data breach that compromised the personal information of 22 million consumers. | stock photo
On Dec. 21, Attorney General Dana Nessel announced that a coalition of seven states, including Michigan, had reached a $2 million settlement with CafePress, an online retailer of user-customized on-demand products, located in Louisville, Kentucky.
The settlement resolved a 2019 data breach that compromised the personal information of about 22 million consumers, affecting more than 474,900 people in Michigan, according to Michigan.gov.
“As a growing number of services and customer-driven amenities become available online, a consumer’s personal information is more at-risk now than ever before,” Nessel told Michigan.gov. “While there are steps we as consumers can take to protect our own personal information from falling into the wrong hands, companies must also take appropriate measures to safeguard that data to ensure their customers are protected from predatory attempts to capitalize on that information.”
Attorney General Dana Nessel
| Michigan.gov
Provisions agreed upon by CafePress under the settlement include: an incident response and data breach notification plan, clear notice to consumers concerning account closure and data deletion, and personal information safeguards and controls.
Alerts Sign-up