Security News > 2022 > June > FTC fines CafePress $500K for breach affecting 23 million users
The U.S. Federal Trade Commission has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data.
After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.
CafePress allegedly tried to cover up this massive data breach and didn't notify any affected individuals until September 2019, one month after BleepingComputer reported the breach.
CafePress knew that it had data security problems even before the 2019 breach since, according to FTC's complaint, the company found out that some of its shopkeepers' accounts had been compromised since at least January 2018.
Several malware infections also impacted the company's network before the 2019 security breach, and CafePress, once again, failed to investigate the attacks.
When it announced the complaint in March, the FTC claimed that CafePress "Misled users by using consumer email addresses for marketing despite its promises that such information would only be used to fulfill orders consumers had placed."