"The Federal Trade Commission (“FTC”) announced this afternoon an enforcement action against the former and current owners of online platform CafePress for failing to implement adequate cybersecurity and also for a cover up of a data breach in 2019... In February 2019, CafePress’ online databases were hacked, exposing the data associated with a total of 23,205,290 user accounts... The compromised data purportedly included users’ email addresses, passwords, names, addresses, phone numbers, the last four digits of customers’ credit card numbers, credit card expiration dates, and Social Security numbers... The FTC’s Complaint in the case 'allege[d] that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions.'..." https://www.lexblog.com/2022/03/15/...nst-online-platform-for-data-breach-cover-up/
