Data Security Incident

Updated: September 5, 2019

This page has been established to provide information regarding a data security incident that involves our customers’ personal information. This page explains what happened and provides information about what you can do in response. We are taking this matter very seriously and sincerely regret any concern it may cause you.

What Happened

CafePress recently discovered that an unidentified third party obtained customer information, without authorisation, that was contained in a CafePress database. Based on our investigation to date, this may have occurred on or about February 19, 2019.

What Information Was Involved

Based on our investigation, we believe the unidentified third party obtained personal information pertaining to approximately 450,000 customer accounts in Australia. The information included names, email addresses, passwords to customer CafePress accounts, and other information. For less than 1% of the affected individuals in Australia, the information also included Tax File Numbers (TFN). We will be notifying these individuals directly.

What We Are Doing

We have been diligently investigating this incident with the assistance of outside experts. We also have contacted and are cooperating with U.S. federal law enforcement authorities. In addition, we have taken various steps to further enhance the security of our systems and your information as a result of this incident, and the affected database has been moved to a different environment.

What You Can Do

We recommend you remain vigilant and take steps to protect against identity theft or fraud, including monitoring your accounts and free credit reports for signs of suspicious activity.

We also recommend that you visit the CafePress website and log in to any online account you may have, which should prompt you to change your account password, if you have not done so recently. In general, you should always ensure that you are not using the same password across multiple accounts, and that you are using strong passwords that are not easy to guess.

Customers should be mindful of the possibility of fraudulent emails and calls due to this incident. Any email you may receive from CafePress about this issue does not ask you to click on any links or open attachments and does not request your personal information. If you believe you have received a fraudulent email that claims to be from CafePress, avoid replying to the email, do not click on the links embedded in the email or download attachments from such suspicious emails.

More Questions

We are fully committed to protecting your information, and we deeply regret that this incident occurred.

If you have any questions or concerns for CafePress, please contact the Australian Support Line at 1.800.104.907. The Support Line is available 24 hours a day, 7 days a week.

Individuals Outside Australia

More information can be found at the links listed below.

CafePress Canada:

CafePress United Kingdom:

CafePress United States: