On August 7, 2019, latesthackingnews.com reported that “CafePress.com, an American e-commerce platform, turns out to be another victim of a cyber attack. Although the store hasn’t revealed anything officially. The news surfaced online suggesting a hacking attack happened earlier this year. It turns out that the site CafePress.com suffered a data breach impacting 23 million accounts.”

Latesthackingnews.com also reported that the hack of CafePress.com occurred in February 2019 and impacted 23,205,290 accounts, “exposing the personal details of users,” such as “names, email addresses, SHA-1 hashed passwords, physical addresses, and phone numbers of the users.”

On August 5, 2019, engadget.com reported that “T-shirt seller CafePress has been asking customers to choose new passwords as part of an updated ‘password policy,’ but the news came soon after reports that the site had been the victim of a data breach in February. Have I Been Pwned claimed that over 23.2 million accounts had been exposed, including email addresses, names, physical addresses and phone numbers.

According to engadget.com, “[p]rovided the reports of a breach are accurate, they raise a number of questions. How recently did CafePress learn of the breach? Has it done anything else to improve security? And why would it only acknowledge a breach through a password reset that doesn’t even mention the security incident? There has been pressure for clearer data breach disclosures, and this could be a textbook example of why. Many users might not even know that there was a breach, let alone how it affects their personal info.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.