Consent Decree | Medium Risk

FTC Orders CafePress to Pay $500K Over Data Breach Cover-Up

Residual Pumpkin Entity, LLC and PlanetArt, LLC | March 15, 2022 | Federal Trade Commission

Penalty Amount

$500,000

Summary

The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.

Remedy

The settlement requires Residual Pumpkin to pay $500,000 to compensate affected small businesses. Both companies must implement comprehensive information security programs, including multi-factor authentication and data minimization. They must also notify affected consumers and undergo third-party security assessments.

Consent Decree, Consumer Refunds, Audit Requirement, Compliance Program, Corrective Notice

Contract Impact

In-house legal teams should review all agreements involving the handling of consumer or small business data, including vendor contracts (especially IT/cloud service providers), customer terms of service, and data processing addendums. Focus on clauses governing data security obligations, breach notification timelines (including requirements to notify customers and regulators), data storage/encryption standards, audit rights to verify security practices, and indemnification provisions for data breaches. Given the FTC's order requiring specific controls like multi-factor authentication and comprehensive security programs, contracts may need amendments to mandate these technical safeguards, establish regular security assessments, clarify redress mechanisms for affected parties, and potentially adjust liability caps to reflect heightened security responsibilities.

Contract Search Terms

data security program, breach notification clause, multi-factor authentication requirement, encryption standards, data retention schedule, incident response plan, audit rights, indemnification for data breaches, liability limitation, subprocessor management

Violation Types

Entity Details

Entity

Residual Pumpkin Entity, LLC and PlanetArt, LLC

Also known as: CafePress

Industry

Technology

Official Sources

Source Evidence

Entity Name
"Residual Pumpkin Entity, LLC, the former owner of CafePress, and PlanetArt, LLC, which bought CafePress in 2020"
Fine Amount
"Residual Pumpkin to pay $500,000 in redress to victims of the data breaches"
Violation Types
"CafePress employed careless security practices and concealed multiple breaches from consumers."

Related Enforcement Actions

FTC

Residual Pumpkin Entity, LLC and PlanetArt, LLC

$500K

The FTC settled with CafePress's former owner Residual Pumpkin Entity, LLC and buyer PlanetArt, LLC over data security failures that led to a breach exposing Social Security numbers and other sensitive data. Residual Pumpkin paid $500,000 for victim compensation, and both companies must implement comprehensive security programs. A claims process is open for affected consumers until March 10, 2024.

FTC

12 Unnamed Nudify Tool Providers

The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.

FTC

Covered Platforms

The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.

FTC

Cliq Inc.

$6.5M

A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.

FTC

Chris Terry, Isis Terry, IM Mastery Academy, IYOVIA, iMarketsLive, IM Academy

$795.8M

The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.

FTC

B.E.S.T. GDR LLC, d/b/a Premium Home Service

The FTC and State of Illinois, via the Department of Justice, filed a complaint against B.E.S.T. GDR LLC (d/b/a Premium Home Service) and its owner Yosef Bernath for creating thousands of fake home repair business listings with fabricated five-star reviews to deceive consumers. The defendants allegedly routed consumer calls to unqualified representatives, arranged for unlicensed technicians, and violated the FTC Act, Reviews and Testimonials Rule, Gramm-Leach-Bliley Act, and Illinois consumer protection laws. No monetary penalty has been imposed yet as the case is in initial filing stages.