Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Amazon sued in Zappos hack affecting 24 million customers

Reprints
Amazon sued in Zappos hack affecting 24 million customers

LOUSIVILLE, Ky.—A putative class action lawsuit has been filed in federal court in Louisville, Ky., in connection with a hacking incident over the weekend that led to the access of personal information on 24 million customers of Zappos.com, a unit of Amazon.com Inc.

According to the lawsuit, Theresa D. Stevens vs. Amazon.com Inc., DBA Zappos.com, filed Monday in U.S. District Court for the Western District of Kentucky in Louisville, the thieves gained access to the online shoe retailer's internal network through servers located in Shepherdsville, Ky.

The Zappos data stolen included names, account numbers, passwords, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit cards used to make purchases. A letter describing the hacking was sent to 24 million customers by Zappos CEO Tony Hsieh on Monday, according to the lawsuit.

The suit alleges that Seattle-based Amazon “failed to adopt and maintain adequate procedures to protect such information and limit its dissemination only for the permissible purposes set forth” in the Fair Credit Reporting Act.

“Defendant's wrongful actions and/or inaction also constitute common law invasion of privacy by the public disclosure of private facts and common law negligence,” according to the suit.

As a result of the theft, class members “are more likely to unknowingly give away their sensitive personal information” to “thieves who specialize in constructing spoof websites and emails that mirror the brand they're spoofing—such as Zappos.com and/or other popular online retailers and financial institutions,” according to the suit, which accuses Amazon of willful and negligent violations of the FCRA, negligence and invasion of privacy by public disclosure of private facts.

It seeks actual, economic, mental anguish, statutory, exemplary and/or nominal damages, and injunctive relief and attorney fees, litigation expenses and costs.

An Amazon spokesman could not immediately be reached for comment.

A survey last year found that most consumers in the United States, Great Britain and Australia are worried about possible exposure of their personal information, and many have lost confidence in how companies protect this data.

For in-depth coverage of this topic and related issues, visit our Solution Arc on Managing and Insuring Cyber Security Risks.

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.