in Newswire Published on October 7, 2019

CafePress Faces Class Action Over 2019 Data Breach Affecting 23 Million Users

by Erin Shaak

Last Updated on September 24, 2024

View Comments

Fus v. CafePress, Inc.

Filed: October 4, 2019 § 1:19-cv-06601

Read Complaint

CafePress, Inc. faces a lawsuit after “the world’s largest online gift shop” operator allegedly concealed for months a data breach that affected more than 23 million customers.

Defendant(s)

CafePress Inc.

Law(s)

State(s)

Illinois

Categories

Privacy Data Breach

CafePress, Inc. has been hit with a proposed class action lawsuit after “the world’s largest online gift shop” operator allegedly concealed for months a data breach that affected more than 23 million customers.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Filed in Illinois district court, the 22-page lawsuit states that a February 2019 security breach saw an unauthorized party gain access to the private information of more than 23 million customers who used CafePress’s gift shop website. According to the lawsuit, the compromised data included names, addresses, telephone numbers, email addresses, passwords, the last four digits of credit card numbers, credit card expiration dates, and some Social Security and tax identification numbers. 

The case claims that despite promising “Safe and Securing Shopping. Guaranteed,” CafePress failed to protect customers’ private information and, to make matters worse, attempted to conceal the breach for almost eight months. After two data breach websites and Forbes reported on the incident over the summer, CafePress forced users to change their passwords, citing a “policy update,” the lawsuit says. It wasn’t until September, according to the suit, that the defendant quietly posted on its website a notification of the security breach. On October 2, 2019, the complaint states, CafePress finally sent out emails in which it notified customers of a “data security incident” that “may have occurred on or about February 19, 2019.”

The lawsuit argues that CafePress customers have been forced to spend time and money monitoring their credit, mitigating the risks of identity theft, addressing fraudulent activity on their accounts, and reviewing their credit reports as a result of the defendant’s conduct.

“Regardless of whether they have yet to incur out-of-pocket losses, Plaintiff and all CafePress customers whose personal information was stolen remain subject to a pervasive, substantial and imminent risk of identity theft and fraud,” the complaint reads, noting that the risk will continue “for years to come.”

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on September 24, 2024 — 12:04 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.