CafePress agrees to $500K settlement with FTC over data breach

CafePress will pay $500,000 to settle claims from the Federal Trade Commission (FTC) regarding a data breach in 2019. The settlement is for consumers whose Social Security numbers were exposed in the breach. The FTC alleged that CafePress failed to implement reasonable cybersecurity measures to protect sensitive data and attempted to cover up the breach instead of informing consumers. As a result, hackers gained access to plain text Social Security numbers of over 184,000 consumers, as well as inadequately encrypted passwords and password reset question answers.

CafePress, a custom gift vendor that sells clothes, cards, and personalized gifts, was ordered to pay the $500,000 settlement. Some of these funds will be used to make payments to affected consumers. The amount each claimant may receive varies depending on the number of valid claims filed. The deadline to file a claim form is March 10, 2024.

Consumers whose Social Security numbers were exposed in the CafePress data breach in 2019 are eligible to file a claim. It’s important to note that submitting a fraudulent claim can result in penalties and harm other eligible Class Members.

The case is In the Matter of Residual Pumpkin Entity LLC, a limited liability company, formerly d/b/a CafePress; and PlanetArt LLC, a limited liability company, d/b/a CafePress, FTC Matter/File No. 1923209, before the U.S. Federal Trade Commission. Class Counsel includes Lina M Khan, Noah Joshua Phillips, Rebecca Kelly Slaughter, Christine S Wilson, and Alvaro M Bedoya from the FTC.