Security News > 2022 > March > Web vendor CafePress fined $500,000 for giving cybersecurity a low value
The breach, says the FTC, saw hackers make off with more than 20,000,000 plaintext email addresses and weakly-hashed passwords; millions of unencrypted names, physical addresses, and security questions-and-answers; more than 180,000 unencrypted SSNs; and, for tens of thousands of payment cards, the last four digits of the card plus the expiry date.
Misrepresenting the steps it took to secure consumer accounts following security incidents.
Failing to employ reasonable data security practices.
Failing to follow up on malware infection incidents with any sort of threat analysis to see what security holes might have been opened up via that malware.
Not having any reliable way of receiving and acting on security alerts from bona fide security researchers, customers, or third parties including public sector cybersecurity responders.
Help security researchers to get hold of you easily.