How Zappos Defused a Potential Online Privacy Crisis

How Zappos Defused a Potential Online Privacy Crisis

March 23, 2012

How Zappos Defused a Potential Online Privacy Crisis

By: Ifrah Law

When hackers breached the computer systems of online retailer Zappos.com in January, they gained access to the personal information of up to 24 million customers. The information included customer names, billing and shipping addresses, email addresses, and phone numbers. In a predictable response, customers immediately filed federal class action lawsuits against Zappos, and the attorneys general of nine states sent a joint letter to the company demanding more information about the breach of consumer data.

Despite the rush to accuse, much of the personal information that was taken— names, addresses, and phone numbers — is available in any phone book or internet search. Customers and state attorneys general were so quick to accuse Zappos of wrongdoing that they did not stop to consider what Zappos did right.

Thanks to Zappos’ prior planning, the hackers were unable to reach the most sensitive information, such as passwords and full credit card numbers, because they were secured, encrypted, and stored in a separate database. When the breach came to light, Zappos responded immediately by putting into effect its existing contingency plan for a data breach. Zappos quickly alerted customers to the breach via email and automatically reset the passwords of all 24 million customers. Additionally, Zappos informed its employees of the facts of the breach and trained all employees to pitch in and respond to customer inquiries.

Certainly, as the attorneys general’s letter pointed out, there are huge risks involved with any security breach. For instance, even the limited information the hackers obtained from Zappos could be used in carrying out a targeted email phishing scheme aimed at the customers. Keeping customers’ personal information secure is a huge responsibility that all online retailers must take seriously and take every step to avoid.

While Zappos will certainly have to review the circumstances of how this happened and put into place further steps to protect customers’ information, the company’s prior planning prevented a much more serious breach, and its response was swift and effective. Zappos set a good example of the precautions that online merchants should take with customers’ information, and how to respond in case of a breach.

Ifrah Law

Ifrah Law

Ifrah Law is a passionate team of experts that understands the importance of listening to and addressing specific concerns of clients – when facing the heat of a federal investigation or the ire of a business competitor. Experience in complex cases related to online gambling and sports betting, internet marking and advertising, and white collar litigation.

Related Practice(s)
Other Posts
Botnet ZeroAccess Hit With Complaint by Microsoft, but Will This Slow the Malware Industry Down?
Dec 19, 2013

Botnet ZeroAccess Hit With Complaint by Microsoft, but Will This Slow the Malware Industry Down?

By: Ifrah Law
Google Glass Sounds Exciting — But What About Privacy?
Jul 18, 2013

Google Glass Sounds Exciting — But What About Privacy?

By: Ifrah Law
Congress Continues to Examine Data Brokers’ Practices
Nov 13, 2012

Congress Continues to Examine Data Brokers’ Practices

By: Michelle Cohen
Cybersecurity a Desirable Goal, but Does Obama Proposal Go Too Far?
Aug 28, 2012

Cybersecurity a Desirable Goal, but Does Obama Proposal Go Too Far?

By: Steven Eichorn

Subscribe to Ifrah Law’s Insights