FTC Orders Company to Pay $500K After Data Breach ‘Cover Up’
E-commerce platform CafePress must pay $500,000 to small businesses and “bolster” its data security practices after it allegedly failed to “secure consumers’ sensitive personal data and covered up a major breach” in 2019, the FTC said Tuesday. The commission voted…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
4-0 to approve the agency’s complaint. It alleged CafePress, an online customized merchandise platform, “failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions.” The complaint was filed against former owner Residual Pumpkin Entity and PlanetArt, which bought the company in 2020. Future violations against the FTC’s order carry civil penalties of up to $46,517 each. The company didn’t comment.