Amazon Hit With Class Action Over Zappos Data Breach

Headline Legal News 2012/01/18 10:08   Bookmark and Share
Shoe retailer Zappos is facing a national class action suit one day after it warned customers that its servers had been hacked.

On Monday, the Amazon-owned shoe company sent a mass email stating that 24 million customer accounts had been breached. The incident resulted in hackers obtaining names, phone numbers, emails, encrypted passwords and the last four numbers of customer credit cards.

The lawsuit claims Amazon violated a part of the Fair Credit Reporting Act by failing to properly encrypt and secure customer information, and seeks unspecified damages for 24 million customers.

The lead plaintiff in the case is a Texas woman but the suit was filed in federal court in Louisville, Kentucky on the grounds that Amazon has servers located in that state.

As these type of hacking incidents have become more common, so too have related lawsuits. So far, though, few of these lawsuits been successful because customers have been unable to show that they have been harmed by the data breaches.

The Kentucky lawsuit appears based in part on a novel legal theory that customers will now be more susceptible to phishing and other online scams because hackers have their email. It also alleges the plaintiffs suffered emotional distress. Other high-profile data breach cases such as one involving Sony’s Play Station have been based in part on state consumer laws.

Although courts have been reluctant to find that customers have been harmed by data breaches, there is evidence this may be changing. A security publication recently reported
that an appeals court allowed customers to claim they suffered harm in the form of having to buy insurance for identity theft.

Some media publications this week praised Zappos’ for having a pre-arranged plan to respond to the data theft. The company claims that its customer credit cards remained secure because they were stored in a separate server.

top









Disclaimer: Nothing posted on this blog is intended, nor should be construed, as legal advice. Blog postings and hosted comments are available for general educational purposes only and should not be used to assess a specific legal situation. Nothing submitted as a comment is confidential. Nor does any comment on a blog post create an attorney-client relationship. The presence of hyperlinks to other third-party websites does not imply that the firm endorses those websites.

Affordable Law Firm Website Design