United States of America: Issued interim ruling on claims process for consumers affected by CafePress's data security failures

On 10 January 2024, the Federal Trade Commission (FTC) launched a claims process for consumers who had their Social Security numbers exposed in a data breach involving CafePress. This process stems from a settlement announced in March 2022, where CafePress allegedly failed to implement reasonable security measures to protect sensitive information stored on its network. As part of the settlement, the former owners of CafePress, Residual Pumpkin Entity, LLC, and PlanetArt, LLC, which bought CafePress in 2020, were required to implement comprehensive information security programs. Residual Pumpkin also agreed to pay USD 500'000, which the FTC is using to compensate victims impacted by the data breach. The deadline to file a claim is 10 March 2024.