FTC Orders Company to Pay $500K After Data Breach ‘Cover Up’
E-commerce platform CafePress must pay $500,000 to small businesses and “bolster” its data security practices after it allegedly failed to “secure consumers’ sensitive personal data and covered up a major breach” in 2019, the FTC said Tuesday. The commission voted…
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
4-0 to approve the agency’s complaint. It alleged CafePress, an online customized merchandise platform, “failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions.” The complaint was filed against former owner Residual Pumpkin Entity and PlanetArt, which bought the company in 2020. Future violations against the FTC’s order carry civil penalties of up to $46,517 each. The company didn’t comment.