Zappos, the large online shoe retailer owned by Amazon, announced a data breach on January 15th compromising 24 million consumer records. Not many days later a civil negligence suit was filed against Zappos and parent company Amazon while lawyers seek to make it a class action law suit on behalf of all the data breach victims.
The data breach occurred at a Zappos data center in Kentucky and it is believed the hacker obtained the names, email addresses, phone numbers, billing and shipping addresses, the last four digits of stored payment cards as well as hashed passwords from 24 million Zappos accounts. Zappos announced the data breach to customers on Sunday January 15th in an email from their CEO informing everyone of the breach and advising them to change their passwords, although it still has not been disclosed exactly how or when the breach occurred.
Thankfully Zappos stores their full credit card information on separate servers and only the last four digits of customer card numbers were exposed. Additionally, Amazon, the world’s largest online retailer with over 100 million users, has completely separate servers which were not compromised. But the effects of this data breach will be far-reaching, nonetheless. With names, emails and phone numbers exposed fraudsters will no doubt target these consumers with phishing attacks. The hashed passwords can be decrypted and fraudsters will attempt to takeover email and other accounts of the breach victims since so many consumers reuse passwords across multiple sites and logins. Since the compromised servers contained names, phone numbers, billing addresses and shipping addresses each of the data breach victims is at risk of identity fraud as well.
Just three days after the Zappos informed customers about the data breach a lawsuit was filed against the company in the U.S. District Court of Louisville, Kentucky. The lawsuit, filed by a woman from Texas, alleges that Zappos was in violation of the Fair Credit Reporting Act and the plaintiff attorneys are seeking class action status for the lawsuit on behalf of all customers affected by the breach. The lawsuit seeks compensation for emotional distress and loss of privacy while requiring Zappos to pay for credit monitoring and identity theft insurance for all breach victims.
For More Information: