Zappos Settles with Nine State Attorneys General over 2012 Data Breach | Practical Law

The Massachusetts Attorney General announced a multi-state settlement with Zappos.com, Inc., which requires the shoe retailer to pay $106,000 and take actions to better protect consumers' information after a 2012 data breach.

Practical Law Legal Update 2-595-4365 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 09 Jan 2015 | USA (National/Federal)
On January 7, 2015, Massachusetts Attorney General Martha Coakley issued a press release announcing the settlement of a multi-state inquiry into a 2012 data breach at Zappos.com, Inc. that affected more than 740,000 Massachusetts residents. The settlement involves nine state attorneys general and arose out of unauthorized access to one of Zappos' servers in January 2012.
The 2012 incident affected customers':
  • Names.
  • Billing and shipping addresses.
  • Telephone numbers.
  • Login credentials.
The affected data also included the last four digits of customer credit card numbers, but there was no evidence that full credit or debit card numbers or other payment data was affected.
Under the settlement agreement, Zappos will pay a total of $106,000 and has agreed to:
  • Maintain and comply with its information security policies and procedures.
  • Provide the attorneys general with:
    • its current customer information security policy; and
    • copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard (PCI DSS) for two years.
  • Have a third party audit its personal information security and:
    • provide the audit report to the attorneys general; and
    • address any identified deficiencies.
  • Provide annual training to employees regarding its security policies.