Nevada-based Internet shoe company Zappos.com is facing nine class-action lawsuits in the wake of an Internet hacker attack that resulted in the information of millions of customers being stolen. The plaintiffs accuse Zappos and its parent company, online retail giant Amazon.com, of failing to protect their personal data, such as their names and phone numbers.
We previously discussed the possible legal fallout Zappos may face after the hacking incident in our Jan. 20 blog post. Customers received an email on or around Jan. 15 from the company's CEO telling them that hackers had stolen data Zappos had stored from 24 million customers. In the email, the CEO said that no credit card information had been stolen, but urged the customers to change their password and at any other website where they used the same password.
As of the prior post, one lawsuit had been filed against Zappos and Amazon. Now, the litigation has expanded to nine class-action lawsuits. The suits include three filed in Nevada and six filed in other states. The suits say that Zappos negligently left the plaintiffs' data exposed to hacking through a bank of unprotected computer servers. Data mined by the hackers include customers' names, addresses, phone numbers and partial credit card numbers.
Attorneys for the defendant businesses are seeking to have the latter six suits moved to Nevada and have all nine suits consolidated in federal court there. The federal panel which the defendants requested approve the consolidation has yet to rule, and the companies have yet to file a response to the lawsuits.
Source: Techflash, "Lawsuits pour in against Amazon in Zappos hacking breach," Greg Lamm, March 7, 2012