CafePress Faces Class Action Over 2019 Data Breach Affecting 23 Million Users
by Erin Shaak
Fus v. CafePress, Inc.
Filed: October 4, 2019 ◆§ 1:19-cv-06601
CafePress, Inc. faces a lawsuit after “the world’s largest online gift shop” operator allegedly concealed for months a data breach that affected more than 23 million customers.
CafePress, Inc. has been hit with a proposed class action lawsuit after “the world’s largest online gift shop” operator allegedly concealed for months a data breach that affected more than 23 million customers.
Filed in Illinois district court, the 22-page lawsuit states that a February 2019 security breach saw an unauthorized party gain access to the private information of more than 23 million customers who used CafePress’s gift shop website. According to the lawsuit, the compromised data included names, addresses, telephone numbers, email addresses, passwords, the last four digits of credit card numbers, credit card expiration dates, and some Social Security and tax identification numbers.
The case claims that despite promising “Safe and Securing Shopping. Guaranteed,” CafePress failed to protect customers’ private information and, to make matters worse, attempted to conceal the breach for almost eight months. After two data breach websites and Forbes reported on the incident over the summer, CafePress forced users to change their passwords, citing a “policy update,” the lawsuit says. It wasn’t until September, according to the suit, that the defendant quietly posted on its website a notification of the security breach. On October 2, 2019, the complaint states, CafePress finally sent out emails in which it notified customers of a “data security incident” that “may have occurred on or about February 19, 2019.”
The lawsuit argues that CafePress customers have been forced to spend time and money monitoring their credit, mitigating the risks of identity theft, addressing fraudulent activity on their accounts, and reviewing their credit reports as a result of the defendant’s conduct.
“Regardless of whether they have yet to incur out-of-pocket losses, Plaintiff and all CafePress customers whose personal information was stolen remain subject to a pervasive, substantial and imminent risk of identity theft and fraud,” the complaint reads, noting that the risk will continue “for years to come.”
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.