Saturday, June 29, 2024

CafePress Got Fined $500,000

CafePress, Inc. is an American company that operates as an online retailer of inventory and on-demand items personalized by customers. The business started in San Mateo, California, but now the company’s headquarters and manufacturing plants are both located in Louisville, Kentucky. CafePress.com won the 2001 People’s Voice Webby Award for Excellence.

Customers may submit their own graphic designs, business logos or text, which the company will include in its products. Also available through CafePress.com is a print-on-demand service for wall art and stationery. The website also provides the ability for users to set up their own “shop” on CafePress, complete with online store, website hosting, order management, fulfillment, payment processing and customer management.

What happened?

The US Federal Trade Commission (FTC) took action against Residual Pumpkin Entity, the former owner of the CafePress T-shirt and merchandise site, for failing to secure the data of 23 million customers and for concealing a data breach that affected those customers.

The Federal Trade Commission today took action on allegations that the online personalized merchandise platform CafePress failed to protect consumers’ sensitive personal data and concealed a significant breach. The FTC alleges that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plaintext Social Security numbers, improperly encrypted passwords, and answers to password reset questions. The commission’s proposed order would force the company to tighten data security and require its former owner to pay $500,000 in compensation to small businesses.

FTC Consumer Protection Commissioner Samuel Levine said, “CafePress introduced careless security practices and hid several breaches from consumers. These orders extend accountability for loose security practices, requiring remedial action on affected small businesses, and require specific controls such as multi-factor authentication to better protect privacy.”


As explained in a complaint filed by Consumer Protection Watch in March 2022, the Residual Amber Corporation stored customers’ Social Security numbers and answers to password reset questions in plaintext, and for longer than needed.

Additionally, the company did not implement available safeguards and did not adequately respond to security concerns. It tried to cover up a significant data breach that resulted from its loose security practices, after its servers had been repeatedly attacked.

In addition to paying a $500,000 fine, the final order stipulates that Residual Pumpkin and PlanetArt (the new owners of CafePress) must implement multi-factor authentication, minimize the amount of data collected and maintained, and encrypt all stored Social Security numbers.

PlanetArt was also required to notify customers and sellers whose personal information was accessed or stolen during a security breach and provide advice to these buyers and sellers on how they can protect themselves from further harm.

As BleepingComputer reported, after a security breach that reportedly took place in February 2019, an anonymous perpetrator gained access to the personally identifiable information of 23,205,290 CafePress members, which was leaked and then offered for sale on the dark web. This information included the following details:

  • Millions of email addresses and passwords with weak encryption
  • Millions of unencrypted names, real addresses, and security questions and answers
  • 180,000+ unencrypted Social Security numbers
  • Tens of thousands of partial payment card numbers and expiration dates

CafePress isn’t the only company to have been fined recently. Cruise line operator Carnival Corp (CCL.N) was fined for a “grave” violation of cybersecurity regulations after four security breaches between 2019 and 2021 exposed significant amounts of sensitive customer data.

According to the New York State Department of Financial Services, Carnival violated state law on cybersecurity. The company did not use multi-factor authentication, which would have made it more difficult for dishonest individuals to access its internal network.
