The Federal Trade Commission is launching a claims process for consumers who had their Social Security numbers exposed in a data breach involving online merchandise platform CafePress.
The claims process stems from a settlement the FTC announced in March 2022 with CafePress over allegations the company failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The company’s data security failures led to a data breach that exposed this sensitive data including Social Security numbers.
Under the settlement with the FTC, Residual Pumpkin Entity, LLC, the former owner of CafePress, and PlanetArt, LLC, which bought CafePress in 2020, were required to implement comprehensive information security programs to address the security problems identified in the complaint. Residual Pumpkin also agreed to pay $500,000, which the FTC is using to compensate victims impacted by the data breach.
The FTC is sending email notices to 184,491 consumers who may be eligible for a payment. Consumers can apply if they were misled by CafePress’s data security claims and had their Social Security Number exposed in the CafePress data breach. Most consumers will be notified by email and a handful of people will receive a notice in the mail. Eligible consumers can file a claim online at www.ftc.gov/CafePress.
Consumers who have questions or need help filing a claim can email info@CafePressSettlement.com or call 1-833-415-2795. The deadline to file a claim is March 10, 2024.
The Commission’s interactive dashboards for refund data provide a state-by-state breakdown of refunds in FTC cases.