© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

American online retailer fined for covering up a data breach

Online customized merchandise platform CafePress failed to protect sensitive information of buyers and sellers stored on its network, the US Federal Trade Commission (FTC) said.

The complaint, first announced in March, was filed against the former owner of CafePress, Residual Pumpkin Entity, and PlanetArt, which bought CafePress in 2020

The FTC alleged that CafePress “stored Social Security numbers and password reset answers in clear, readable text, retained the data longer than was necessary, failed to apply readily available protections against well-known threats and adequately respond to security incidents, and covered up a major data breach resulting from its shoddy security practices.”

Residual Pumpkin Entity and PlanetArt are required to implement comprehensive information security programs, such as multi-factor authentication, encrypting Social Security numbers, and minimizing the amount of data they collect and retain.

Residual Pumpkin was also fined $500,000, which will be used to provide redress to victims of the data breaches. And PlanetArt will be required to notify consumers whose personal information was accessed due to the data breaches.

More from Cybernews:

Why hackers destroying one Starlink satellite could cause orbital Armageddon

Apple and Android phones hacked by Italian spyware, Google says

Travel fraud: if holiday deal sounds too good to be true – it probably is

Ukrainian cyber experts who stayed behind to work and fight

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked