Shoe retailer Zappos is facing a national class action suit one day after it warned customers that its servers had been hacked.
On Monday, the Amazon-owned shoe company sent a mass email stating that
24 million customer accounts had been breached. The incident resulted in
hackers obtaining names, phone numbers, emails, encrypted passwords and
the last four numbers of customer credit cards.
The lawsuit claims Amazon violated a part of the Fair Credit Reporting
Act by failing to properly encrypt and secure customer information, and
seeks unspecified damages for 24 million customers.
The lead plaintiff in the case is a Texas woman but the suit was filed
in federal court in Louisville, Kentucky on the grounds that Amazon has
servers located in that state.
As these type of hacking incidents have become more common, so too have
related lawsuits. So far, though, few of these lawsuits been successful
because customers have been unable to show that they have been harmed by
the data breaches.
The Kentucky lawsuit appears based in part on a novel legal theory that
customers will now be more susceptible to phishing and other online
scams because hackers have their email. It also alleges the plaintiffs
suffered emotional distress. Other high-profile data breach cases such
as one involving Sony’s Play Station have been based in part on state
consumer laws.
Although courts have been reluctant to find that customers have been
harmed by data breaches, there is evidence this may be changing. A
security publication recently reported
that an appeals court allowed customers to claim they suffered harm in the form of having to buy insurance for identity theft.
Some media publications this week praised Zappos’ for having a
pre-arranged plan to respond to the data theft. The company claims that
its customer credit cards remained secure because they were stored in a
separate server.
No comments:
Post a Comment