How Zappos Defused a Potential Online Privacy Crisis

How Zappos Defused a Potential Online Privacy Crisis

March 23, 2012

How Zappos Defused a Potential Online Privacy Crisis

By: Ifrah Law

When hackers breached the computer systems of online retailer Zappos.com in January, they gained access to the personal information of up to 24 million customers. The information included customer names, billing and shipping addresses, email addresses, and phone numbers. In a predictable response, customers immediately filed federal class action lawsuits against Zappos, and the attorneys general of nine states sent a joint letter to the company demanding more information about the breach of consumer data.

Despite the rush to accuse, much of the personal information that was taken— names, addresses, and phone numbers — is available in any phone book or internet search. Customers and state attorneys general were so quick to accuse Zappos of wrongdoing that they did not stop to consider what Zappos did right.

Thanks to Zappos’ prior planning, the hackers were unable to reach the most sensitive information, such as passwords and full credit card numbers, because they were secured, encrypted, and stored in a separate database. When the breach came to light, Zappos responded immediately by putting into effect its existing contingency plan for a data breach. Zappos quickly alerted customers to the breach via email and automatically reset the passwords of all 24 million customers. Additionally, Zappos informed its employees of the facts of the breach and trained all employees to pitch in and respond to customer inquiries.

Certainly, as the attorneys general’s letter pointed out, there are huge risks involved with any security breach. For instance, even the limited information the hackers obtained from Zappos could be used in carrying out a targeted email phishing scheme aimed at the customers. Keeping customers’ personal information secure is a huge responsibility that all online retailers must take seriously and take every step to avoid.

While Zappos will certainly have to review the circumstances of how this happened and put into place further steps to protect customers’ information, the company’s prior planning prevented a much more serious breach, and its response was swift and effective. Zappos set a good example of the precautions that online merchants should take with customers’ information, and how to respond in case of a breach.

Ifrah Law

Ifrah Law

Ifrah Law is a passionate team of experts that understands the importance of listening to and addressing specific concerns of clients – when facing the heat of a federal investigation or the ire of a business competitor. Experience in complex cases related to online gambling and sports betting, internet marking and advertising, and white collar litigation.

Related Practice(s)
Other Posts
Ready, Set, Go: More States Adopt Privacy Laws
Mar 21, 2024

Ready, Set, Go: More States Adopt Privacy Laws

By: Nicole Kardell
OpenAI’s Legal Troubles Mount as New York Times Lawsuit Escalates Alongside SEC Investigation
Mar 4, 2024

OpenAI’s Legal Troubles Mount as New York Times Lawsuit Escalates Alongside SEC Investigation

By: Jake Gray
Ding Dong – The Police Want Access to Your Doorbell Footage. Can They Get It?
Feb 16, 2024

Ding Dong – The Police Want Access to Your Doorbell Footage. Can They Get It?

By: Abbey Block
2024, AI, and the Harnessing of the Wild West
Jan 10, 2024

2024, AI, and the Harnessing of the Wild West

By: Nicole Kardell

Subscribe to Ifrah Law’s Insights