In January, 2012, Zappos announced that they were notifying more than 24 million consumers to change their passwords following a hack. In the months that followed, a to-be-predicted lawsuit was filed, and state attorneys general started investigating. Eventually, Zappos settled with states, and the class-action lawsuit was dismissed in 2015. Whew, right? Not so fast, though. Ross Todd reports that the consumer lawsuit has been revived:
A federal appellate court has revived claims against online shoe retailer Zappos.com Inc. related to a 2012 data breach where hackers stole the personal information of more than 24 million customers.
The U.S. Court of Appeals for the Ninth Circuit on Thursday found that the “imminent” risk of identity theft from the Zappos breach was enough to establish standing to sue for those customers who had not yet been the victim of fraud. The decision reversed a ruling from U.S. District Judge Robert Clive Jones of the District of Nevada who dismissed the claims from plaintiffs who hadn’t alleged any instances of identity theft at the time of the suit.
Read more on The Recorder.