CafePress slapped with $500,000 penalty for data breach

American Online Retailing Giant CafePress has been pressed with a $500,000 penalty for failing to protect the data of its customers. The financial penalty was announced by the US Federal Trade Commission (FTC) and stated that the vendor can raise an objection to the penalty announcement within a stipulated period.

Going deep into the details, CafePressā€™s former owner, Residual Pumpkin Entity, was storing critical customer data such as social security numbers, passwords and other account related info in plain text and not with any authentication.

Often data stored in such formats gets stolen or is fraudulently accessed, leading to cyber frauds such as identity thefts.

So, as per the latest announcement, CafePressā€™s former owner must pay half a million penalty and should take cybersecurity measures to stop user data from being accessed by hackers. This includes usage of multi-factor authentication, encrypting sensitive details such as social security numbers, and not storing any critical information on the retail servers.

CafePress experienced a data breach in Febā€™19 where hackers stole a trove of information such as details belonging to over 23,205,290 users including information related to physical addresses, email addresses, around 18k social security numbers and tons of info related to payment card numbers and their expiry date.

As CafePress used personal data of its consumers for marketing such as email campaign to promote products and services, FTC punished the retailer with $500,000.

NOTE- CafePress sells T-shirts, mugs, bags, wall clocks, calendars, and writing accessories onto which the user can upload graphics of their choice- all a part of the companyā€™s print on demand service. In Septā€™2020, PlanetArt acquired CafePress from its former parent company Shutterfly or Snapfish.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display