How Zappos Defused a Potential Online Privacy Crisis
by: Sarah Coffey of Ifrah Law  -  
Saturday, March 24, 2012
How Zappos Defused a Potential Online Privacy Crisis
Print Mail Download i

When hackers breached the computer systems of online retailer Zappos.com in January, they gained access to the personal information of up to 24 million customers. The information included customer names, billing and shipping addresses, email addresses, and phone numbers. In a predictable response, customers immediately filed federal class action lawsuits against Zappos, and the attorneys general of nine states sent a joint letter to the company demanding more information about the breach of consumer data.

Despite the rush to accuse, much of the personal information that was taken— names, addresses, and phone numbers — is available in any phone book or internet search. Customers and state attorneys general were so quick to accuse Zappos of wrongdoing that they did not stop to consider what Zappos did right.

Thanks to Zappos’ prior planning, the hackers were unable to reach the most sensitive information, such as passwords and full credit card numbers, because they were secured, encrypted, and stored in a separate database. When the breach came to light, Zappos responded immediately by putting into effect its existing contingency plan for a data breach. Zappos quickly alerted customers to the breach via email and automatically reset the passwords of all 24 million customers. Additionally, Zappos informed its employees of the facts of the breach and trained all employees to pitch in and respond to customer inquiries.

Certainly, as the attorneys general’s letter pointed out, there are huge risks involved with any security breach. For instance, even the limited information the hackers obtained from Zappos could be used in carrying out a targeted email phishing scheme aimed at the customers. Keeping customers’ personal information secure is a huge responsibility that all online retailers must take seriously and take every step to avoid.

While Zappos will certainly have to review the circumstances of how this happened and put into place further steps to protect customers’ information, the company’s prior planning prevented a much more serious breach, and its response was swift and effective. Zappos set a good example of the precautions that online merchants should take with customers’ information, and how to respond in case of a breach.

© 2024 Ifrah PLLC

Current Legal Analysis

More from Ifrah Law

California Attorney General Flexes Muscle on Mobile Privacy: AG Sues Delta for Lack of Privacy Policy on Mobile Application
by: Michelle Cohen
‘Off-Label’ FDA Cases Can Run Afoul of First Amendment, Federal Appeals Court Holds
by: Jeffrey Hamlin
Are Medicaid Claims Becoming the Next Battleground for False Claims Act (FCA) Cases?
by: Jeffrey Hamlin
D.C. Circuit: Restitution Order Must Involve Victim’s Loss, Not Defendant’s Gain
by: Sarah Coffey
FCC Ruling Permits Confirmation Text Messages for ‘Opt-Out’ Customers
by: Michelle Cohen
New DOJ Guide on Foreign Corrupt Practices Act (FCPA) Provides Guidance, Gives Statute a Broad Reading
by: Sarah Coffey
Domain Names and the First Amendment: The Latest Word
by: Sarah Coffey
CFPB, FTC Announce Crackdown on Deceptive Mortgage Advertising
by: Jeffrey Hamlin
China, Other Nations Need to Crack Down on Software Piracy
by: Sarah Coffey
Policing the Wide, Wild New World of Biometrics
by: Nicole Kardell

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins