Concerned about a recent hacking attack that may have affected more than 24 million customers, Attorney General George Jepsen, with support from nine other states, has asked Zappos.com, Inc. about its efforts to protect private customer information and its response to the breach.
The Attorney General wrote to the chief executive officer of the on-line retailer’s Nevada headquarters Friday seeking information about how the breach occurred, how affected customers were identified and notified and any corrective plans developed in response.
“This incident raises serious concerns about the possibility of fraud and targeted e-mail ‘phishing’ or other scams, as well as questions about the effectiveness of the company’s measures to protect the confidentiality and security of private information that it receives from consumers,” Attorney General Jepsen wrote.
Published reports said the hacking affected parts of the company’s internal network and systems, compromising a wide array of personal customer information, including names, billing and shipping addresses, e-mail addresses, phone numbers and encrypted passwords.
Jepsen wrote on behalf of Connecticut and Attorneys General in nine other states: Florida, Kentucky, Massachusetts, North Carolina, New York and Pennsylvania among them. Two states have laws prohibiting disclosure of investigations.
The company was asked to forward its responses to Assistant Attorney General Matthew Fitzsimmons, head of the Office’s data privacy task force. The task force was created by Jepsen last year in response to a number of data breach and privacy cases.
Fitzsimmons is handling this matter for the Attorney General with Associate Attorney General Perry Zinn-Rowthorn.
Source: Connecticut Attorney General George Jepsen