The Federal Trade Commission reached a proposed $500,000 settlement with e-commerce platform CafePress over an alleged failure to secure consumers’ personal information against a breach and forced the company to bolster its data security.
CafePress didn’t protect sensitive information on buyers and sellers on its customized merchandise platform, such as Social Security numbers and passwords, the agency alleged in an administrative complaint filed concurrently with the settlement.
A hacker exploited the company’s lax security in February 2019, accessing millions of email addresses, passwords, and other information, some of which was found for sale on the so-called dark web, according to ...