United States of America: Announced investigation into CafePress over alleged failure to implement reasonable security measures to protect sensitive information stored on its network

On 15 March 2022, the Federal Trade Commission (FTC) announced an investigation into the online custom merchandise platform CafePress. The FTC alleges that CafePress failed to secure consumers' sensitive personal data and concealed a major breach. The company is accused of not implementing reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The proposed order requires CafePress to enhance its data security and its former owner to pay half a million dollars to compensate small businesses.