FTC Settles with CafePress Over Data Security Breaches

Lori Kalani, Bernard Nash
Cozen O'Connor
Contact
LinkedIn
Facebook
X
Send
Embed

Cozen O'Connor

  • The FTC has reached a settlement with Residual Pumpkin Entity, LLC and PlanetArt, LLC—the former and current owners of online merchandise platform CafePress (collectively, “CafePress”)—to resolve allegations that CafePress failed to protect consumers’ sensitive information and inadequately responded to a 2019 data breach, in violation of Section 5 of the FTC Act.
  • According to the Complaint, CafePress failed to implement industry-standard security measures such as encryption, patch management, and logging, and failed to respond to security incidents, including a major breach in 2019 in which a hacker exported the personal information of over 22 million customers.
  • Under the terms of the proposed settlement, CafePress must implement a comprehensive information security program, including implementing multi-factor authentication and minimizing the amount of customer data collected and retained, and will pay $500,000 in redress to affected consumers.
  • As previously reported, a group of seven AGs previously reached a settlement with CafePress over alleged consumer protection violations arising from the 2019 data breach.

Written by:

Cozen O'Connor
Cozen O'Connor
Contact
more
less

Cozen O'Connor on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide