When you receive a letter in the mail from an online service that you haven’t used in several years, you know the news can’t be good.
Such was the case with a missive that arrived in my mailbox yesterday from CafePress, the online retailer that lets you buy and sell personalized items like coffee mugs and T-shirts. I must have used CafePress at one time. I honestly can’t remember why. Now the company is sending letters to customers informing them of a “data security incident,” in which an unidentified third party gained access to sensitive user data, including Social Security numbers and tax information.
Apparently, this breach was reported about a month ago, but because the national news cycle is a never-ending firehose of chaos and distraction, many victims of the breach may only be learning about it this week, like me.
As a remedy, CafePress suggests that we victims “remain vigilant and take steps to protect against identity theft and fraud,” because apparently we don’t have enough to do just living our lives. It asks users to log in to the CafePress website, where they will be prompted to change their passwords. It also says it is giving users a complimentary two-year membership to Experian’s IdentityWorks credit-monitoring service.
The letter goes on to provide a list of “additional resources” where users can check their credit reports and set up fraud alerts. Ironically, one of those resources is Equifax, the credit reporting bureau that just agreed to pay nearly $700 million in fines for its own massive data breach.
This would be amusing if it weren’t so sad. These kinds of “dear customer” letters, in which companies assure you that privacy is a top priority while at the same time informing you that they left your data vulnerable, are becoming all too common these days. The worst part is that many customers, by now, have probably become numb to news that their sensitive personal information is floating around out there on the dark web.
I’ve reached out to CafePress for comment and will update if I hear back.