Presented by the Privacy and Data Security Practice Group

Legal Updates for Privacy and Data Security - October 2019

By
David J. Shannon

Café Press Hit with Class Action Lawsuit for Delay in Data Breach Notifications

By David J. Shannon, Esq.

 

Café Press, a Kentucky-based personalized product ecommerce retailer, is in legal hot water for delaying data breach notification to its millions of customers. News reports indicate that approximately 23 million users’ personal information was stolen by an unidentified third-party intruder in February of this year, and the breach continued for several months. Breach notifications were not sent out to affected individuals until September 5th.

Café Press indicated that the exposed information included names, email addresses, passwords and other information. Allegedly, only a small percentage of U.S. users’ Social Security and tax I.D. numbers were exposed.

Since the breach is alleged to have begun in February and notices did not go out until September, a class action lawsuit has been filed in which this delay plays a prominent role in the complaint. The lawsuit alleges that in addition to the seven-month delay in notifying victims, a two-month delay occurred between public signs of the breach and Café Press alerting all of their customers. The lawsuit also alleges that Café Press failed to employ best practices and did not update security software that is widely known to be flawed. This lawsuit reinforces how a delay in breach notifications can have serious consequences.

 

The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. If you receive the alerts in error, please send a note to tamontemuro@mdwcg.comATTORNEY ADVERTISING pursuant to New York RPC 7.1. © 2019 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.