New York prosecutor Letitia James said on Friday that a $ 2 million deal has been reached with a tailor-made product retailer in connection with a 2019 data breach that jeopardizes the personal information of some 22 million consumers across the country. , Kentucky-based CafePress Inc. took no action in nearly six months after users' personal information was vulnerable in an attack that began on February 19, 2019 or earlier. The 22 million accounts used included 186,179 with a social security or tax identification number.
CafePress did not conduct a full investigation until nearly six months after the intrusion, said the statement from James James' office, which said it was leading a coalition of seven attorneys general investigating the infringement.
In addition to paying $ 2 million, CafePress will create a comprehensive information security program, including other provisions of the agreement.
CafeP ress was acquired by Calabasas, California-based PlanetArt LLC during the investigation, and has approved the terms of the agreement as stated in the statement.
A PlanetArt spokesman could not be reached for comment.