CafePress recently discovered that an unidentified third party obtained customer information, without authorization, that was contained in a CafePress database. Based on our investigation to date, this may have occurred on or about February 19, 2019.
What Information Was Involved
Based on our investigation, we believe the unidentified third party obtained personal information pertaining to approximately 22 million customer accounts in the United States and globally.
The information included names, email addresses, passwords to customer CafePress accounts, and other information. For less than 1% of the affected individuals, the information also included Social Security Numbers or Tax Identification Numbers. We will be directly notifying these individuals.
What We Are Doing
We have been diligently investigating this incident with the assistance of outside experts. We also have contacted and are cooperating with U.S. federal law enforcement authorities. In addition, we have taken various steps to further enhance the security of our systems and your information as a result of this incident, and the affected database has been moved to a different environment.
What You Can Do
We recommend you remain vigilant and take steps to protect against identity theft or fraud, including monitoring your accounts and free credit reports for signs of suspicious activity.
We also recommend that you visit the CafePress website and log in to any online account you may have, which should prompt you to change your account password, if you have not done so recently. In general, you should always ensure that you are not using the same password across multiple accounts, and that you are using strong passwords that are not easy to guess.
Customers should be mindful of the possibility of fraudulent emails and calls due to this incident. Any email you may receive from CafePress about this issue does not ask you to click on any links or open attachments and does not request your personal information. If you believe you have received a fraudulent email that claims to be from CafePress, avoid replying to the email, do not click on the links embedded in the email or download attachments from such suspicious emails.
We are fully committed to protecting your information, and we deeply regret that this incident occurred.
If you have any questions or concerns for CafePress, please contact: 1-844-386-9557 Monday–Friday from 9:00 a.m. to 9:00 p.m. ET or Saturday–Sunday from 11:00 a.m. to 8:00 p.m. ET.
Individuals Outside the United States
More information can be found at the links listed below.
CafePress Australia: cafepress.com.au/p/security2019
CafePress Canada: cafepress.ca/p/security2019
CafePress United Kingdom: cafepress.co.uk/p/security2019