June 24, 2022 By Sergiu Gatlan
The U.S. Federal Trade Commission (FTC) has ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for covering up a data breach impacting more than 23 million customers and failing to protect their data.
As the consumer protection watchdog explained in a complaint from March 2022, Residual Pumpkin Entity stored its customers' Social Security numbers and password reset answers in plain text and longer than necessary.
The company also failed to apply available protections and respond to security incidents. After its servers were breached multiple times, it tried to cover up the major data breach resulting from its sloppy security practices.
