An Interest In:
Web News this Week
- April 12, 2024
- April 11, 2024
- April 10, 2024
- April 9, 2024
- April 8, 2024
- April 7, 2024
- April 6, 2024
Some of Our Sources
- Slashdot
- BoingBoing
- TutsPlus - Code
- Team Treehouse
- Spoon Graphics
- Six Revisions
- Vandelay Design
- You The Designer
- Wal You
- The Verge
Help Webnuz
Referal links:
March 21, 2022 11:34 am
Original Link: https://it.slashdot.org/story/22/03/20/2351231/cafepresss-previous-owner-fined-500000-for-shoddy-security-covering-up-data-breach?utm_source=rss1.0mai
CafePress's Previous Owner Fined $500,000 for 'Shoddy' Security, Covering up Data Breach
ZDNet describes CafePress as "a U.S. platform offering print-on-demand products" like custom t-shirts, hats, and mugs. "CafePress's past owner has been fined $500,000 over a litany of security failures and data breaches," ZDNet reported this week:CafePress became the subject of a US Federal Trade Commission (FTC) investigation surrounding how it handled security — and how the firm allegedly "failed to secure consumers' sensitive personal data and covered up a major breach." On March 15, the US regulator said that Residual Pumpkin is required to pay $500,000 in damages. According to the FTC's complaint (PDF), issued against the platform's former owner Residual Pumpkin Entity, LLC, and its current owner PlanetArt, LLC, there was a lack of "reasonable security measures" to prevent data breaches. In addition, the FTC claims that CafePress kept user data for longer than necessary, stored personally identifiable information including Social Security numbers and password reset answers in cleartext, and did not patch against known system vulnerabilities. "As a result of its shoddy security practices, CafePress' network was breached multiple times," the FTC says. CafePress experienced a major security incident in 2019. An attacker infiltrated the platform in February 2019 and was able to access data belonging to millions of users. This included email addresses, poorly-encrypted passwords, names, home addresses, security questions and answers, some partial card payment records, phone numbers, and at least 180,000 unencrypted Social Security numbers.... According to the FTC, CafePress was notified a month after the breach and did patch the security flaw — but did not investigate the breach properly "for several months." Customers were also not told. Instead, CafePress implemented a forced password reset as part of its "policy" and only informed users in September 2019, once the data breach had been publicly reported. In a separate case in 2018, CafePress allegedly was made aware of shops being compromised. These accounts were closed — and the shopkeepers, the victims, were then charged $25 account closure fees. The FTC also claims that the company "misled" users by using consumer email addresses for marketing, despite promises to the contrary.Read more of this story at Slashdot.
Original Link: https://it.slashdot.org/story/22/03/20/2351231/cafepresss-previous-owner-fined-500000-for-shoddy-security-covering-up-data-breach?utm_source=rss1.0mai
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot