January 7, 2015 – Internet shoe retailer Zappos has settled a lawsuit with nine states over a 2012 data breach. The states include Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, Ohio, Pennsylvania and North Carolina.
Zappos will pay the states a total of $106,000, a minuscule amount. More significantly, the terms of the settlement will force the company to adopt new security procedures and policies. These include providing reports on the company's security policies to the Attorney General of each state involved in the settlement, providing them with proof of compliance with the Payment Card Industry Data Security Standard, and subjecting the company to third-party security audits for the next two years.
Additionally, the company has agreed to provide security training to all of its employees on an annual basis.
The 2012 data breach involved information on approximately 740,000 of the company’s customers. Breached data included names, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit card numbers.
While this breach is unlikely to lead directly to identity theft, it does leave Zappos' customers vulnerable to scams, especially those involving phishing. This is because the people behind the breach have these consumers' email addresses and know that they have spent money with Zappos. It would be a very simple matter for these scam artists to develop an email campaign that appears to come from Zappos, soliciting customers with false sales promises in an attempt to gain access to their full credit card numbers.
by Jim Malmberg