Ex-CafePress owner fined $500,000 for 'shoddy' security, covering up data breach

CafePress’s past owner has been fined $500,000 over a litany of security failures and data breaches. 

CafePress is a US platform offering print-on-demand products including clothing, home decor, and kitchenware. Sellers can sign up to the platform and upload their designs, and CafePress takes a cut of any sales made.

These businesses require key financial information from sellers and purchasers to operate, and as such, they are expected to securely manage this information and handle transactions with security in mind. 

However, CafePress became the subject of a US Federal Trade Commission (FTC) investigation surrounding how it handled security — and how the firm allegedly “failed to secure consumers’ sensitive personal data and covered up a major breach.”

On March 15, the US regulator said that Residual Pumpkin is required to pay $500,000 in damages. According to the FTC’s complaint (.PDF), issued against the platform’s former owner Residual Pumpkin Entity, LLC, and its current owner PlanetArt, LLC, there was a lack of “reasonable security measures” to prevent data breaches.  

In addition, the FTC claims that CafePress kept user data for longer than necessary, stored personally identifiable information (PII) including Social Security numbers and password reset answers in cleartext, and did not patch

Read More: https://www.zdnet.com/article/cafepress-fined-500-million-for-shoddy-security-covering-up-data-breach/#ftag=RSSbaffb68