The data hack affected 24 million customers, whose personal information was breached when the hackers accessed company computer servers in Kentucky. Following the data breach, customer names; e-mail, billing, and shipping addresses; phone numbers; the last four digits of credit card numbers; and "cryptographically scrambled"passwords were released.
Under the terms of the agreement, the Amazon subsidiary will pay a total of $106,000 to the attorneys general of Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, North Carolina, Ohio, and Pennsylvania. The AGs will determine the distribution of the funds to each of the states which may be used to cover the costs of the enforcement action, fund consumer privacy efforts or any other purpose. The Las Vegas-based company also agreed to data security improvements, new oversight and reporting requirements, and employee training.