Hoffman said the unauthorized cookies allowed the company to target as many as 215 million ads at New Jersey consumers from June 2009 to February 2012.
State officials said PulsePoint was formed in September 2011 via the merger of ContextWeb Inc. and Datran Media Corp. and operates an ad exchange through which it sells advertising on other companies' websites.
PulsePoint acknowledged engaging in the practice until February 2012, the state said, and had it stopped only after the practice was exposed that month in a Wall Street Journal investigation.
In an e-mailed statement, a PulsePoint spokeswoman said ContextWeb's cookie "was primarily limited to technical purposes such as fraud detection, debugging, and advertisement frequency capping, and was not for behavioral tracking purposes."
She said PulsePoint executives "had no knowledge of this until the February 2012 article, and upon its discovery immediately took action to end the practice."
"PulsePoint takes user privacy very seriously, through investments in technology, training, adherence to industry best practices, and participation in leading industry organizations such as the Network Advertising Initiative and Digital Advertising Alliance."
Under the settlement, PulsePoint will pay a civil penalty of $566,200, plus $33,800 to cover costs of the investigation. State officials said $150,000 will go to improving the attorney general's privacy-protection programs.
The other $250,000 will be paid to the Division of Consumer Affairs through "in-kind advertising services" from PulsePoint for ads furthering the division's mission to protect the public from fraud.
Contact Jeff Gelles at 215-854-2776, email@example.com, or @jeffgelles on Twitter.