Advertising Disclosure Email Disclosure

Legal Updates for Privacy and Data Security - October 2019

October 23, 2019
Presented by the Privacy and Data Security Practice Group

Café Press Hit with Class Action Lawsuit for Delay in Data Breach Notifications

By David J. Shannon, Esq.


Café Press, a Kentucky-based personalized product ecommerce retailer, is in legal hot water for delaying data breach notification to its millions of customers. News reports indicate that approximately 23 million users’ personal information was stolen by an unidentified third-party intruder in February of this year, and the breach continued for several months. Breach notifications were not sent out to affected individuals until September 5th.

Café Press indicated that the exposed information included names, email addresses, passwords and other information. Allegedly, only a small percentage of U.S. users’ Social Security and tax I.D. numbers were exposed.

Since the breach is alleged to have begun in February and notices did not go out until September, a class action lawsuit has been filed in which this delay plays a prominent role in the complaint. The lawsuit alleges that in addition to the seven-month delay in notifying victims, a two-month delay occurred between public signs of the breach and Café Press alerting all of their customers. The lawsuit also alleges that Café Press failed to employ best practices and did not update security software that is widely known to be flawed. This lawsuit reinforces how a delay in breach notifications can have serious consequences.


The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. If you receive the alerts in error, please send a note ATTORNEY ADVERTISING pursuant to New York RPC 7.1. © 2019 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.

Affiliated Attorney

David J. Shannon
Chair, Privacy and Data Security
(215) 575-2615

Practice Areas

Before you send this email please note:

You are attempting to send email, through a link on our website, to an attorney of Marshall Dennehey Warner Coleman & Goggin or an employee in our firm. Please note that your email may not be treated as confidential and does not create an attorney-client relationship. You should not rely upon the transmission of an email through this website if you are seeking to enter into such a relationship. Until such time as we have agreed to represent you, no information in your email will be treated as confidential. Please contact us directly by telephone at 1.800.220.3308 if it is your intent to seek legal counsel with our firm or convey confidential information.

If it is still your intent to send this email, knowing that it may not be treated as confidential, you may accept our terms of agreement by pressing "OK". If you choose not to accept these terms of agreement you may navigate away from this page by pressing "Cancel."