CafePress Data Breach FTC Probe Overview:ย
- Who: CafePress agreed to pay $500,000 to end a U.S. Federal Trade Commission (FTC) probe into a 2019 data breach.ย
- Why: The FTC found CafePress failed to properly notify its customers about the breach and failed to implement new procedures to safeguard their data. ย
- Where: CafePress customers nationwide were affected by the breach.
CafePress has agreed to pay $500,000 and improve its cyber security procedures to end a probe by the U.S. Federal Trade Commission (FTC) into its failure to disclose a data breach that exposed customersโ Social Security numbers.ย
The FTC said in a news release that CafePress also kept customersโ password reset answers and Social Security numbers in โclear, readable textโ and โretained the data longer than was necessary.โ
Per the agreement, CafePress will be required to implement security measures such as multifactor authentication, minimize the amount of data it retains and encrypt Social Security numbers going forward.ย
CafePress security measures came into question following a 2019 data breach that exposed more than 180,000 unencrypted Social Security numbers and millions of unencrypted names, home addresses and security question answers of the online retailersโ customers.ย
The cybercriminal behind the breach also made off with โtens of thousands of partial payment card numbers and expiration dates,โ according to the FTC.ย
CafePress Exposed Data Later Found for Sale On Dark Web
The FTC revealed that some of the data exposed in the breach was also later found online and for sale on the dark web.
Instead of informing its customers about the breach, CafePress initially just told them to update their passwords due to a change in its password policy, the FTC says.ย
Further, the FTC says CafePress waited until September 2019 to inform its customers about the data breach, despite being warned about it months earlier in April and it already being widely reported by the media.
The FTC says CafePress also failed for several months to make necessary changes to safeguard the data of its customers, including by letting them continue resetting their passwords with security questions connected to email addresses which had been exposed in the breach.ย
CafePress also should have been aware there were issues with its cybersecurity programs due to a prior problem with the accounts of certain of its shopkeepers falling victim to hackers, in addition to several malware infections, according to the FTC.
Earlier this month, Herff Jones agreed to a $4.35 million settlement to resolve claims it failed to protect its customers data during a 2021 data breach.ย
Were you affected by the CafePress data breach in 2019? Let us know in the comments!ย
The CafePress Data Breach is In The Matter of CafePress, FTC case number 1923209.
Donโt Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
19 thoughts onCafePress To Pay $500K, Improve Cybersecurity Following FTC Probe Over Data Breach
Hello, please add me to your Cafepress list. Cafepress comes up on my credit report.
CafePress continues to allow my stalker, a systems architect at Microsoft Houston, to use my trademark EthTech to make merchandise making fun of me. I do not know this man and have never responded to his repeated attempts to contact me. He is not a therapist. He is a Microsoft employee who has sexually harassed me, said racist things repeatedly to my family, and is running an entire slam site called unethtech.com about us. When CafePress lets a deranged criminal like Joseph Tse/Say target therapists, you also allow him to impersonate being a therapist. Imagine if someone actually mistook him for being a real therapist based on the merchandise and his branding on the Cafe Press website. Itโs so scary to see Microsoft allow this man to be in a position of power overseeing our Microsoft data. Heโs broken the laws on stalking, doxxing, and is committing extortion on his unethtech website while CafePress allows him to monetize his criminal behavior.
Tiffany Chhuom is a white lady who is very much a Damn Karen. She tokenizes her Asian husband as her excuse for not being racist. But has caused harm towards her husbands parents and siblings. She has been harrasing, bulllying, and stalking multiple people from different marginalized communities. Tiffany Chhuom weaponizes her license as social worker to report people with children to CPS just because she doesnโt like someone. (With all reports proven false)Tiffany Chhuom has also wasted Thurston County Courts time with frivolous Protections Orders that were dismissed by a Judge becuz none of her victims or people she claims have ever threatened her or her husband bodily harm nor have they put anybody in danger. Tiffany Chhuom spends her days constantly stalking and harrasing people for literally no reason but for her own deranged thoughts. None of the people she constantly stalks have ever met her or want to do anything with her. Tiffany Chhuom has made many baseless claims against multiple people claiming they are bullying her or that theyโre criminals. All of Tiffany Chhuomโs claims are false and she cannot provide evidence because Tiffany Chhuom is the biggest liar. Tiffany Chhuom is actually under investigation with Washington State Department Of Health. If anyone looks at unethtech.com one can clearly see that itโs just screenshot/screenrecordings of Tiffany Chhuomโs unhinged behavior towards multiple people (including her harming her husbands family) across many social media sites. Tiffany Chhuom likes to write novels upon novels with baseless claims against multiple people who DO NOT KNOW HER OR WANT TO ASSOCIATE WITH HER. Tiffany Chhuom likes to call herself a whistleblower when all she really does is blow air out her mouth like the deranged woman she is. She does not see patient and should not have a license becuz all she will do is use her own trauma against her patients. She did that when she was a sub professor and got kicked out of her teaching job becuz schools realized they donโt want a deranged unstable woman teaching future therapist such outlandish lies. Tiffany Chhuom also lies about her work history. One should definitely question how someone who lies about her work history was able to get her license as a Therapist. Any of her former colleagues have cut ties with her. I mean itโs only obvious why. Tiffany Chhuom is also a proven heroin addict (which she admitted on a podcast herself) and should be more concerned with getting help for her addiction instead of spending days upon days constantly harrasing, bullying, and stalking others. Tiffany get a damn life and leave your victims alone!!!!!!!
Hello, Just looked at a recent credit report. CafePress is listed on my report and it lists my email as compromised. Please add me.
Yes I was affected
Add me please.
I got rge email too & on my virus vurus orotection apps, until today I still keep getting alerts about my password being leaked by cafepress. They put us in danger & wasnโt even planning to ket us know. What the hell?! Cafepress needs to pay all the people whoโs private infos are now being bought in the dark web.
Yes, I would like to be added. I received an email from the company. Their suggestion? Change my passwords. WTF?! After YEARS of my personal info being out there, thatโs their idea of a solution?! They were aware of the issue and did nothing INCLUDING NOTIFY THEIR CUSTOMERS. We should be compensated.
So before I knew the details I contacted CafePress. I was told that the current owners are not the ones that were at fault but the previous ones so I would have to figure out how to claim cash another way. There should definitely be a claim process. The information that was exposed was not just public records type of information. That was some major information to have put out there on the dark web. There definitely needs to be a payout to those affectedโฆ.and a generous oneโฆThey knew our information was out there and the kind of information that was already exposed and they were not going to let us know. That is ridiculous. I will not post my real name here but my email will be here just in case there is a claim process. Thanks