FTC Looks To Fine CafePress For Failing To Secure Data And Covering Up A Data Breach
The FTC is looking to fine the former owner of CafePress, a custom t-shirt and merchandise site, $500,000 for failing to secure its users’ data and attempting to cover up a significant data breach that impacted millions. The former owner, Residual Pumpkin Entity, was found storing its customers’ SSNs and passwords in plain text, showing ‘shoddy security practices’, noted the FTC.
Saumitra Das, CTO and Co-Founder, Blue Hexagon, had this to say:
“In this case, CafePress is dealing with customer data as sensitive as SSNs. Organizations need to understand where their data is stored, which data is sensitive and who has access to the data and from where.”
“Securing data and its access is as critical as networks, identity and endpoints. Assuming every other defense fails, securing data from being exfiltrated or ransomed is critical.
With the increasing usage of cloud storage which surprisingly still happens to be misconfigured all the time, this issue becomes even more prevalent.”
Hopefully the FTC smacks this guy silly as this is completely unacceptable. Companies need to do more to make sure data is secure. And the fact that a data breach was covered up makes this all the worse.
June 27, 2022 at 10:29 am
[…] customer’s data will be held to account. In this case Cafe Press who I’ve written about before has been fined $500,000 for a data breach that affected 23 million customers. You can read about it […]