LANSING, Mich. (WLNS) – Attorney General Dana Nessel today announced that a coalition of seven states reached a $2 million settlement with CafePress to resolve a 2019 data breach that compromised the personal information of about 22 million consumers, including more than 474,900 in Michigan.
CafePress is an online retailer of stock and user-customized products. The breach compromised consumer names, email addresses, passwords, physical addresses, phone numbers and, in some cases, Social Security or tax identification numbers, and the last four digits of credit card numbers and expiration dates. The compromised information was taken from accounts associated with the company’s website.
Under the settlement, CafePress has agreed to pay $2 million to the states. The settlement includes an immediate payment of $750,000 divided among the states, of which Michigan will receive about $91,000.
The remainder of the $2 million payment is suspended based on the company’s financial condition.
Of the compromised Michigan consumers, 5,234 potentially had their Social Security numbers or tax identification numbers compromised. Upon disclosing the breach in September 2019, CafePress offered two years of credit monitoring and theft resolution services at no charge to those whose Social Security numbers and/or tax identification numbers were affected by the incident.
“As a growing number of services and customer-driven amenities become available online, a consumer’s personal information is more at-risk now than ever before,” Nessel said. “While there are steps we as consumers can take to protect our own personal information from falling into the wrong hands, companies must also take appropriate measures to safeguard that data to ensure their customers are protected from predatory attempts to capitalize on that information.”