The Green Sheet Online Edition

February 13, 2012  •  Issue 12:02:01

Zappos.com hit with breach, lawsuit

Online fashion retailer and Amazon.com subsidiary Zappos.com revealed on Jan. 15, 2012, that over 24 million of its customer accounts were breached. Zappos.com said a fraudster was able to obtain names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers listed with accounts, and encrypted passwords.

A class-action lawsuit on behalf of Zappos.com customers was subsequently filed Jan. 16, 2012, in the Western District of Kentucky in Louisville.

Tony Hsieh, Zappos.com Chief Executive Officer, emphasized that the database where credit card and other payment data is stored was not breached. "We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," he wrote to employees and customers following the breach. "We are cooperating with law enforcement to undergo exhaustive investigation."

Zappos.com disconnected its customer service phone lines following the breach, electing to answer customer inquiries into the breach only by email. Hsieh explained, "We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume. (If 5 percent of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)"

Zappos.com urged customers to change passwords on its site and on any other sites where they use the same passwords. "We've spent over 12 years building our reputation, brand and trust with our customers," Hsieh said. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."

Repercussions

The class-action lawsuit filed in Kentucky said the breach not only forced customers to take the time to reset passwords on Zappos.com and on other sites, but it also represented an invasion into customer privacy that may have future repercussions. "[P]laintiff and class members now face a greater risk of identity theft - including, but not limited to, identity theft from 'phishing' and 'pharming,'" according to the suit.

The complaint charges Zappos.com with willful and negligent violation of the Fair Credit Reporting Act, along with negligence and invasion of privacy by public disclosure of private facts. The class action seeks compensation for customers who, among other things, lost the use of passwords and must deal with credit monitoring and identity theft insurance issues, as well as damages for anxiety and emotional distress caused by the breach.

The complaint also asks for other damages to punish Zappos.com's alleged wrongful conduct and a requirement that Zappos.com submit to periodic compliance audits to ensure cardholder data security is maintained.

When reached for comment, Zappos.com Senior Public Relations Director Diane Coffey said, "We are aware of the lawsuit. Our company policy is not to comment on pending litigation. Every single department in our company is currently focused on assisting customers." At press time, plaintiff attorneys had not responded to requests for comment.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
