
The clothing retailer Zappos.com will pay $106,000 (£70,200) to settle an investigation into a breach involving the personal data of 24 million customers.
The 2012 attack on the Amazon subsidiary led to the leaking of customer names, billing and shipping addresses, phone numbers and the last four digits of payment cards. An investigation, however, found no evidence that full credit or debit card numbers had been taken.
Martha Coakley, attorney general of Massachusetts, said: "Businesses, including online retailers, must appropriately protect their customers’ information by guarding against data breaches."
"Our office will continue to hold retailers accountable for failing to follow their own policies regarding consumer data that they maintain, and make sure that all companies have reasonable data security measures in place."
As part of the settlement, Zappos also agreed to improve its security measures through compliance with a payment card security standard, a third-party audit of its security and annual training of its employees in cybersecurity.
Alongside Massachusetts, the case was supported by eight other states including Arizona, Connecticut, Florida, Kentucky, Maryland, North Carolina, Ohio, and Pennsylvania.