Days after Internet retailer Zappos.com announced that hackers had accessed the personal data of millions of its customers, one customer has filed a potential class-action lawsuit against the corporation and its parent company, Amazon.com. The litigation claims that the security leak potentially could cause economic and emotional harm to the plaintiff and other customers whose phone numbers and email addresses were accessed in the cyber attack.
Zappos is an online seller of shoes and other clothing based in Henderson, Nevada, outside of Las Vegas. On Jan. 15, the company’s CEO sent an email to employees and customers telling them that hackers had gotten ahold of the company’s database of customer names, phone number and email addresses. No credit card numbers or payment information was stolen, the email said. However, Zappos urged customers to reset the passwords they used to access the site and to do the same for other sites if they use the same password there.
Though credit cards data was not affected, the lawsuit claims that Zappos violated the federal Fair Credit Reporting Act by allowing the security breach. An attorney for the plaintiff said the contact information could be sold, perhaps to spammers. The plaintiff, who lives in Kentucky, where the suit was filed on Jan. 16, is seeking class action status for the 24 million Zappos customers affected by the incident, the attorney said.
Zappos and Amazon declined comment on the federal lawsuit, citing company policies. Court records indicate that Zappos had not formally responded the suit as of Jan. 18.
Source: Chicago Tribune, “Customer data breach draws federal lawsuit against Nevada-based Zappos, parent company Amazon,” Ken Ritter, Jan. 18, 2012