• CafePress fined $500,000 for breach affecting 23 million users

    #2456625

    “The U.S. Federal Trade Commission (FTC) has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data.

    “As the consumer protection watchdog explained in a complaint from March 2022, Residual Pumpkin Entity stored its customers’ Social Security numbers and password reset answers in plain text and longer than necessary.”

    https://www.bleepingcomputer.com/news/security/cafepress-fined-500-000-for-breach-affecting-23-million-users/

    _______

    …and the hits just keep on a-comin! Related:

    A year or so ago an associate of mine decided to really delve into his doctor’s “Patient Portal” provider’s security, and actually called them and asked to speak to Security. “It was like swimming in Jell-O,” he told me. “After being transferred to a call center in Chennai, put on hold, disconnected twice, and then left out to dry for 20 minutes, I finally got to ask the individual supposedly responsible if they hashed and salted their critical password and patient access files.”

    The answer was, “Wuzzat?”

    He hung up, grabbed a pillow, went into his closet, closed the door and screamed three times into the pillow. “I felt much better after that,” he said.

    He did not use the portal, and I think he switched PCPs.

    “Dave’s not here.”

    Hi Ho.

    Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
    --
    "Sure I had a plan; Everybody's got a plan until you get hit in the teeth."

    -A Very Famous Boxer

    2 users thanked author for this post.
    • #2456626

      “The U.S. Federal Trade Commission (FTC) has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data.”

      These breaches won’t stop and companies won’t invest in security until it hurts badly.

      The fine should have been $1000 for each account hacked.

      1 user thanked author for this post.
      • #2456721

        The fine should have been $1000 for each account hacked.

        If any were, who would count them, and for how long?

        Windows 11 Pro version 22H2 build 22621.317 (group ASAP) + Microsoft 365

    • #2456629

      stored its customers’ Social Security numbers and password reset answers in plain text

      Why do you give a T-shirt shop your SSN?

      cheers, Paul

      2 users thanked author for this post.