Security News
The U.S. Federal Trade Commission has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.
The U.S. Federal Trade Commission has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.
The breach, says the FTC, saw hackers make off with more than 20,000,000 plaintext email addresses and weakly-hashed passwords; millions of unencrypted names, physical addresses, and security questions-and-answers; more than 180,000 unencrypted SSNs; and, for tens of thousands of payment cards, the last four digits of the card plus the expiry date. Misrepresenting the steps it took to secure consumer accounts following security incidents.
The FTC wants the former owner of CafePress to cough up $500,000 after the customizable merch bazaar not only tried to cover up a major computer security breach involving millions of netizens, it failed to safeguard customers' personal information. In a complaint [PDF] filed against CafePress former owner Residual Pumpkin Entity and PlanetArt, which bought the platform in 2020, the FTC alleges multiple instances of shoddy security practices at the online biz.
The U.S. Federal Trade Commission wants to slap the former owner of the CafePress custom t-shirt and merchandise site with a $500,000 fine for failing to secure its users' data and attempting to cover up a significant data breach impacting millions. As the consumer protection watchdog explained, CafePress' former owner, Residual Pumpkin Entity, stored its customers' Social Security numbers and password reset answers in plain text, and their data longer than necessary.
23 Million Victims Across US, UK, EU and Australia Receive Breach NotificationsPersonalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million...
Maybe check your credit rating, says red-faced firm T-shirt flogger CafePress has finally informed its customers about a serious data loss dating back to February and first reported last month.…
11m other leaked users' p-words hashed with SHA-1 Passwords were among the 23 million customer records siphoned from CafePress by hackers – and the site was using the less secure SHA-1 hashing...
Three-quarters of email addys already in breach database Twee T-shirts 'n' merch purveyor CafePress had 23 million user records swiped – reportedly back in February – and seemingly fingered an...