CafePress fined $500,000 for covering up a massive data breach that exposed sensitive information of 23 million users

CafePress’s former owner, Residual Pumpkin Entity, has been fined $500,000 for hiding the impact of a data breach that affected 23 million of its customers. The U.S. Federal Trade Commission (FTC) has ordered the t-shirt and merchandise company to pay the fine for failing to protect customers’ data.

According to a complaint filed by the consumer protection agency in 2022, Residual Pumpkin Entity stored sensitive data, such as customers’ social security numbers and password reset information, in plain text, leaving the system vulnerable. The company also failed to apply further security measures to protect the data.

The FTC has ordered the companies not only to pay the fine but also to immediately implement multi-factor authentication for stored data and encryption of all social security numbers.

Consequently, PlanetArt has set up an alert system to notify all buyers and sellers whose sensitive information was breached.

According to reports from February 2019, CafePress’s servers were breached by unknown attackers who compromised the data of almost 23,205,290 users and leaked that information on the dark web.

The information contained millions of email addresses, passwords, unencrypted names, physical addresses, and security questions with weak encryption. The leak also included more than 180,000 unencrypted social security numbers and thousands of payment card numbers with expiration dates.

Allegedly, CafePress covered up this massive data breach from several users and customers until September 2019.

In March, the FTC claimed that the company “misled users by using consumers’ email addresses for marketing despite its promises that such information would only be used to fulfill orders consumers had placed.”

According to the FTC’s complaint, CafePress was aware of its security issues before the massive data breach of 2019, yet it took no further steps to stop it. CafePress closed the compromised accounts and charged a $25 account closure fee for each of them.



