SAN FRANCISCO—Custom apparel and merchandise company CafePress finds itself at the center of a potential class-action lawsuit. The proposed suit comes as a response to the fallout from a massive data breach that occurred earlier this year.
According to InfoSecurity Magazine, the law firm FeganScott is proposing a lawsuit against the company. The firm specializes in consumer rights affairs. According to earlier reports, a massive breach of customer data occurred at CafePress sometime in mid-February 2019, compromising more than 23 million accounts and sensitive information. In some instances, some consumer information may have been compromised as far back as July 2019, the story reports. The company, however, did not publicly inform customers until September 2019, and subsequently notified customers directly in October 2019.
Because CafePress failed to alert customers promptly about the incident, FeganScott tells the publication that the company “failed in its duty to safeguard consumer information.” The suit also alleges that CafePress neglected to provide enough protection to customers because it failed to update crucial software. The company's website had reportedly relied on Secure Hash Algorithm 1 (SHA-1), an algorithm FeganScott claims has been "useless" to thwart attacks since roughly 2005. In 2017, the tech news website Ars Technica declared the function as "officially dead" in an in-depth report.
FeganScott filed the lawsuit at U.S. District Court in Illinois on Oct. 7.