FTC Looks To Fine CafePress For Failing To Secure Data And Covering Up A Data Breach

The FTC is looking to fine the former owner of CafePress, a custom t-shirt and merchandises site, $500,000 for failing to secure its users’ data and attempting to cover up a significant data breach, which impacted millions. The former owner, Residual Pumpkin Entity, was found storing its customers’ SSNs and passwords in plain text, showing ‘shoddy security practices’, noted the FTC.

Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:

 “In this case, CafePress is dealing with customer data as sensitive as SSNs. Organizations need to understand where their data is stored, which data is sensitive and who has access to the data and from where.”

 “Securing data and its access is as critical as networks, identity and endpoints. Assuming every other defense fails, securing data from being exfiltrated or ransomed is critical. 

With the increasing usage of cloud storage which surprisingly still happens to be misconfigured all the time, this issue becomes even more prevalent.”

Hopefully the FTC smacks this guy silly as this is completely unacceptable. Companies need to do more to make sure data is secure. And the fact that a data breach was covered up makes this all the worse.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: