back to article CafePress fined for covering up 2019 customer info leak

The FTC wants the former owner of CafePress to cough up $500,000 after the customizable merch bazaar not only tried to cover up a major computer security breach involving millions of netizens, it failed to safeguard customers' personal information. In a complaint [PDF] filed against CafePress former owner Residual Pumpkin …

  1. Nate Amsden Silver badge

    maybe better than nothing

    Sounds like CafePress failed at almost every level from a technical/security standpoint. $500k seems like a small fine for something that impacted millions of folks especially that amount of data that was stolen. Have no idea what the typical fine is for something like this. Likewise it seemed the penalties for Equifax were very light as well(well for Equifax the penalties were a joke but that breach got me off my ass to finally make a habit of keeping my credit report locked/frozen).

    Given the last 4 of credit card numbers were snagged, wouldn't surprise me if they had lots of PCI problems as well, since obviously they seemed to collect credit card numbers even if they didn't happen to store the full number. (I remember one company I was at before PCI was a thing, you could see full credit card info in their logs if you just set the logs to DEBUG, and the logs were in DEBUG mode most of the time because the app stack was terrible).

    Maybe in the future the penalties will be much greater. How much would the penalty be if this was a GDPR violation, anyone know/guess?

    1. diodesign (Written by Reg staff) Silver badge

      What's $500k to Cafepress?

      As an aside, Cafepress's quarterly revenue was $15m in 2018, on which it made a $1.5m loss. That year it was acquired and taken private by Snapfish for $25m, got hacked in 2019, and was sold to PlanetArt in 2020.

      Those are the final financial figures we have for it.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: What's $500k to Cafepress?

        Thank you for the additional dance diagramming . I'm still unsure which group it was that pissed off the sellers by much reducing payouts. Perhaps it was before 2018, and thus the losses?

  2. HildyJ Silver badge
    Windows

    not much better than nothing

    At least a real rap on the knuckles would hurt somebody. A day in the stocks would be even better. But we don't do that sort of thing anymore. More's the pity.

    Our current punishments reminds me of the swear jar we had where I worked decades ago. You put in a dollar, said you were sorry, and went about your business.

    1. Blofeld's Cat
      Flame

      Swear Jar

      A former colleague used to stuff a tenner in the swear jar at the start of every week on the basis that his role involved handling technical enquiries from Sales and Marketing.

      He usually got his money's worth - and more.

  3. Ace2 Bronze badge

    Do IDS even do anything? Is not having one really negligent?

  4. Anonymous Coward
    Anonymous Coward

    Apparently one of the things taken was " the last four digits of for tens of thousands of credit cards."

    If I wrote a list of every number between 0000 and 9999 I would have a list of the last four digits of every credit card existing.

    if my list only contained the number 0906 then it contains the last 4 digits of approximately 1,400,000 credit / debit cards (based on the lowest figure I could find for credit / debit cards in use of 14 billion)

    1. John Brown (no body) Silver badge

      Yeah, but you don't have a list of numbers linked to names, email addresses and security questions. It's still not a full credit card number, but an extra bit of data linked to a specific person for whom you have other known data. Your list of all known "last 4-digits" will include my card, but you don't know which one. In this beach, they DO know which one.

  5. Andy Landy

    How much?

    Half a million dollar fine for 20 million users?

    So, 2.5 cents per user?

    That's an insult to the affected users, barely even a slap on the wrist. Good grief.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022