Class-action suit filed over Zappos computer data leak

Zappos CEO Tony Hsieh responds to questions from the media on Monday, January 16, 2012, one day after the online retailer’s website was hacked. The cyber-attack did not compromise Zappo’s credit card database, but the hacker may have accessed users’ personal data such as name, address, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers and online passwords.

An attorney wasted little time this week in suing and its subsidiary over a data breach potentially affecting some 24 million customers.

Attorney Mark Gray filed suit Monday in Louisville, Ky., federal court in that city on behalf of Zappos customer Theresa D. Stevens, of Beaumont, Texas.

The suit is proposed to be a class action representing all affected Zappos customers.

"This is a consumer class-action lawsuit brought by plaintiff, individually and on behalf of over 24 million similarly-situated persons whose personal customer account information including names, account numbers, passwords, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit cards used to make purchases was stolen by hackers who gained access to’s internal network through the company’s unprotected servers located in western Kentucky," the suit says.

Gray, of Louisville, contended in the suit that Amazon and Zappos violated the federal Fair Credit Reporting Act by failing to protect customers’ personal account information and that the companies' customers suffered an "invasion of privacy by the public disclosure of private facts."

The suit seeks damages that are unspecified but are more than $5 million. They include actual and statutory damages, mental anguish damages and exemplary damages "as punishment and to deter such wrongful conduct in the future."

Zappos CEO Tony Hsieh said in a blog post Sunday that the database that stores customers’ critical credit card and other payment data was not affected by the security breach.

But the lawsuit says customers nevertheless have to worry now about being targeted by identify theft schemes or even "phishing," in which a criminal may pose as being with Zappos, set up a fake Zappos website and try to contact customers to gain their bank account numbers, login information or Social Security numbers.

"Plaintiff and class members were and continue to be damaged in the form of expenses for credit monitoring and identity theft insurance, out-of-pocket expenses, anxiety, emotional distress, loss of privacy and other economic and non-economic harm,” the suit says.

Attorneys for Amazon, based in Seattle, and Zappos, based in Henderson, have not yet answered the lawsuit. A request for comment on the lawsuit was placed with the companies, but company officials couldn't immediately be reached for comment Wednesday.



Previous Discussion:

Discussion 8 comments

Only trusted comments are displayed on this page. Untrusted comments have expired from this story.

  1. That did not take long. There is always an attorney around when they smell money. 1000's of servers are hacked everyday, Zappo's did not leave the door open, someone broke in.

    The new American way, don't work for what you want, find a reason to sue someone!

    Wonder why this country is crashing, look at what has become of Americans.

  2. Ambulance chasing at its finest.

  3. Another bottom feeding shyster lawyer looking for a big payday.

  4. "1000's of servers are hacked everyday, Zappo's did not leave the door open, someone broke in."

    Could you quote your source for this? Or do you even understand system security or are you just spouting off because it's a Vegas company that a few nitwits think is going to save Downtown?

    If thousands of servers every day were getting hacked...I'm fairly sure e-commerce would be nonexistent. Think before you post. I know it's hard, but try.

  5. Mr. Jackson.

    I spent 15 years on network security before selling my company to a nationwide company and retiring so yes, I do believe I know much more about this then you ever will.

    Think before you post is something to consider.

  6. Well that's interesting, so where is this source that can show thousands of servers are hacked every day? I own my own company and am heavily involved in gaming, and have been doing it much, much longer than you have.

    The customer's privacy is the responsibility of Zappos. It doesn't matter how they were breached. If you know anything about business, then you know this.

    Perhaps you should unretire, because if that's what retirement gets you, a life of sitting around posting about Vegas, then I want to work until I'm 100. I post to help kill a little time, but it sounds like you post because you have too much time to kill. Sad.

  7. "Think before you post. I know it's hard, but try."

    brought to you by the same genius that gave us this gem on a Rebel article after the SDSU loss.

    "Let the freefall begin. I will go out on a limb and predict that in 30 days from now, UNLV will be unranked and we won't have to keep reading articles about where a bunch of people THINK they stand."

  8. And what does a basketball prediction have to do with any of this? Definitely a lack of "genius" in this thread.