Zappos settles charges with nine states over data breach

Posted on by Dissent
There’s been a settlement of charges stemming from a breach disclosed in 2012 that affected 24 million consumers. The settlement requires the online shoe store to guard data, pay $106,000 to NC and 8 states

Raleigh: Nevada-based online retailer Zappos.com will take steps to better protect consumers’ personal information, Attorney General Roy Cooper announced Wednesday.

“When you entrust your personal information to a business, you expect that business to keep it safe,” Cooper said. “Businesses must take the threat of a security breach seriously, and they must do more to protect consumers’ data.”

Zappos will improve protections for customer data under a settlement announced today between the retailer and attorneys general for nine states including North Carolina.  The settlement follows an investigation into a 2012 data breach that released the names, billing and shipping addresses, email addresses, telephone numbers and login credentials of Zappos’ shoppers.

Zappos will also pay the settling states $106,000, including $11,111 to North Carolina to help fund consumer protection efforts in the state. Other states participating in the case include Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, Ohio, and Pennsylvania.

Under the settlement, Zappos is required to take a number of steps to better secure customers’ information and help guard against future hackings or security breaches.  Zappos must:

  • Maintain and comply with information security policies and procedures;
  • Provide the attorney generals with its current security policy regarding customer information;
  • Provide the attorney generals copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years;
  • Have a third party conduct an audit of its security of personal information, provide the audit report to the attorneys general, and address any identified deficiencies; and
  • Provide annual training to employees regarding its security policies.

“Consumers can also protect themselves through common-sense steps like using a different password for each online account and a low-limit credit card for online purchases,” Cooper said.  “It’s also wise to check your credit card statements and your credit report regularly so you can catch problems quickly.”

Consumers can get one free credit report per year from each of the three credit reporting agencies at www.annualcreditreport.com or by calling 1-877-322-8228.

SOURCE: Attorney General Roy Cooper

Category: Business SectorHackOf NoteU.S.