CafePress Data Breach FTC Probe Overview:Â
- Who: CafePress agreed to pay $500,000 to end a U.S. Federal Trade Commission (FTC) probe into a 2019 data breach.Â
- Why: The FTC found CafePress failed to properly notify its customers about the breach and failed to implement new procedures to safeguard their data. Â
- Where: CafePress customers nationwide were affected by the breach.
CafePress has agreed to pay $500,000 and improve its cyber security procedures to end a probe by the U.S. Federal Trade Commission (FTC) into its failure to disclose a data breach that exposed customers’ Social Security numbers.Â
The FTC said in a news release that CafePress also kept customers’ password reset answers and Social Security numbers in “clear, readable text” and “retained the data longer than was necessary.”
Per the agreement, CafePress will be required to implement security measures such as multifactor authentication, minimize the amount of data it retains and encrypt Social Security numbers going forward.Â
CafePress security measures came into question following a 2019 data breach that exposed more than 180,000 unencrypted Social Security numbers and millions of unencrypted names, home addresses and security question answers of the online retailers’ customers.Â
The cybercriminal behind the breach also made off with “tens of thousands of partial payment card numbers and expiration dates,” according to the FTC.Â
CafePress Exposed Data Later Found for Sale On Dark Web
The FTC revealed that some of the data exposed in the breach was also later found online and for sale on the dark web.
Instead of informing its customers about the breach, CafePress initially just told them to update their passwords due to a change in its password policy, the FTC says.Â
Further, the FTC says CafePress waited until September 2019 to inform its customers about the data breach, despite being warned about it months earlier in April and it already being widely reported by the media.
The FTC says CafePress also failed for several months to make necessary changes to safeguard the data of its customers, including by letting them continue resetting their passwords with security questions connected to email addresses which had been exposed in the breach.Â
CafePress also should have been aware there were issues with its cybersecurity programs due to a prior problem with the accounts of certain of its shopkeepers falling victim to hackers, in addition to several malware infections, according to the FTC.
Earlier this month, Herff Jones agreed to a $4.35 million settlement to resolve claims it failed to protect its customers data during a 2021 data breach.Â
Were you affected by the CafePress data breach in 2019? Let us know in the comments!Â
The CafePress Data Breach is In The Matter of CafePress, FTC case number 1923209.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
19 thoughts onCafePress To Pay $500K, Improve Cybersecurity Following FTC Probe Over Data Breach
Add me. I was affected
I have received an email notification from Cafepress about a breach of my information.
Are we meant to do something, take any steps?
Yes, I would like to be added. I was a customer for years.
Add me
I was affected by the situation and received an email that I was one of those affected. Is there a claim form for those like me who were affected?
Add me please, I have ordered from CafePress several times during the past years.
Add me
Add me
Yes I was effected gravely by the CafePress! I have multiple times that they have had a breCh I get notifications via Verizon Digital secure, they have my ss number address and phone number. Although I cannot say if they cased me multiple issues with my identity. They are the only one who have breached my information.
Add me