Penalty Amount
$500,000
The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.
The settlement requires Residual Pumpkin to pay $500,000 to compensate affected small businesses. Both companies must implement comprehensive information security programs, including multi-factor authentication and data minimization. They must also notify affected consumers and undergo third-party security assessments.
Entity
Residual Pumpkin Entity, LLC and PlanetArt, LLC
Also known as: CafePress
Industry
Technology
Official Press Release
https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-takes-action-against-cafepress-data-breach-cover
CafePress Complaint 0
https://www.ftc.gov/system/files/ftc_gov/pdf/CafePress-Complaint_0.pdf
Residual Pumpkin Agreement Containing Consent Order
https://www.ftc.gov/system/files/ftc_gov/pdf/Residual%20Pumpkin%20Agreement%20Containing%20Consent%20Order.pdf
PlanetArt Agreement to Containing Consent Order 0
https://www.ftc.gov/system/files/ftc_gov/pdf/PlanetArt%20Agreement%20to%20Containing%20Consent%20Order_0.pdf
Federal Trade Commission Enforcement Page
https://www.ftc.gov/enforcement
$500K
The FTC settled with CafePress's former owner Residual Pumpkin Entity, LLC and buyer PlanetArt, LLC over data security failures that led to a breach exposing Social Security numbers and other sensitive data. Residual Pumpkin paid $500,000 for victim compensation, and both companies must implement comprehensive security programs. A claims process is open for affected consumers until March 10, 2024.
$18.0M
Consumer fraud enforcement action where the FTC settled with Air AI for misleading entrepreneurs with false earnings and refund guarantees. The company will be banned from marketing business opportunities and pay a suspended $18 million judgment with $50,000 for consumer relief. Violations included failure to provide required disclosures and false claims under the Telemarketing Sales Rule and Business Opportunity Rule.
$17.0M
Consumer fraud enforcement action where the FTC settled with Xponential Fitness for violating the Franchise Rule by misrepresenting key information to franchisees, including time to open and costs. The settlement includes a $17 million monetary judgment for redress and prohibits future misrepresentations.
Consumer fraud and advertising enforcement action where the FTC sent warning letters to 97 auto dealership groups for deceptive pricing practices, such as advertising prices that exclude mandatory fees, misleading consumers about total costs. The letters stress the need for truthful and transparent pricing in the automotive industry.
$100.0M
The FTC and 11 states settled with Walmart for $100 million over deceptive earnings claims in its Spark Driver gig worker app, where drivers were misled about base pay, tips, and incentives. The settlement also addressed GLBA violations for failing to provide proper notice regarding the handling of drivers' financial information. Walmart must implement an earnings verification program and is banned from misrepresenting driver earnings.
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.