CafePress Class Action Says Data Breach Affects 23M Customers

UPDATE:

• The CafePress data breach class action lawsuit was dismissed Nov. 30, 2020.

A class action lawsuit claims that more than 23 million CafePress customers’ personal financial information was compromised in a data breach affecting the online shopping service.

Lead plaintiff Michal Fus claims that a February 2019 data breach exposed the names, addresses, telephone numbers, email addresses, passwords, the last four digits of credit cards, credit card expiration dates, and possibly even the Social Security numbers and tax identification numbers of CafePress customers.

Further, the online shopping company allegedly did not inform affected consumers of the breach until October.

“Tens of millions of people have trusted CafePress with their online shopping, which CafePress touts as: ‘Safe and Secure Shopping. Guaranteed,’” the CafePress class action lawsuit states. “Despite its guarantee, on October 2, 2019, CafePress notified its customers that its online shopping website database had been hacked nine months earlier in February of 2019.”

CafePress is an online user-customized gift shop based in Louisville, Ky. According to the complaint, CafePress advertises itself as the largest such shop, offering more than 1 billion products.

Despite assurances that the website was secure, Fus says that he was notified on Oct. 2, 2019 that his personal information was exposed in a data breach.

Fus claims that he has and will continue to spend time dealing with the ramifications of the breach, including obtaining credit monitoring and freezing his credit as necessary. He says that he has spent his own time and effort on the phone with his various financial institutions making sure his accounts have not been affected negatively by the breach.

“Since the data breach occurred, CafePress customers have been exposed to credit card theft and subjected to resulting economic losses,” alleges the CafePress class action lawsuit.

“Plaintiff has and will incur costs to mitigate the risk for the data breach, such as paying for credit monitoring services,” contends the CafePress class action lawsuit. “Regardless of whether they have yet to incur out-of-pocket losses, Plaintiff and all CafePress customers whose personal information was stolen remain subject to a pervasive, substantial and imminent risk of identity theft and fraud.”

According to the complaint, 23,205,290 CafePress accounts were exposed in the February 2019 data breach, including 23 million unique email addresses, along with passwords, names, addresses, and credit and debit card information.

“Yet, due to apparently lax security protocols, CafePress either did not discover the breach of its databases or took steps to hide the breach from its customers,” the CafePress class action states.

The CafePress data breach class action lawsuit alleges that CafePress failed to utilize modern data security technology to protect the personal information of its consumers.

The CafePress data breach, according to the class action lawsuit, was identified by several database services by the summer of 2019, but CafePress neglected to notify consumers affected by the breach until the fall.

The CafePress class action lawsuit seeks to represent others affected by the February data breach. The plaintiff is seeking damages as well as a court order requiring CafePress to improve its security measures.

Were you affected by the CafePress data breach? Share your story in the comments below. 

The plaintiff is represented by Elizabeth A. Fegan, Lynn A. Ellenberger, and Timothy A. Scott of Fegan Scott LLC.

The CafePress Data Breach Class Action Lawsuit is Fus v. CafePress Inc., Case No. 1:19-cv-06601, in the U.S. District Court for the Northern District of Illinois.

Read More Lawsuit & Settlement News:

DoorDash Class Action Says 5M Customers Info Exposed In Data Breach

Drug Maker to Pay $15M to Settle Whistleblower Claim

Zappos Data Breach Settlement To Provide 10% Discounts

Shingles Vaccine: Zostavax vs. Shingrix