Customer data breach draws federal lawsuit against Nevada-based Zappos, parent company Amazon

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.washingtonpost.com/business/technology/nevada-based-zappos-parent-company-amazon-sued-in-kentucky-over-customer-data-security-breach/2012/01/18/gIQAzYzi8P_story.html

LAS VEGAS — Online retailers Amazon.com and Zappos.com are being sued
in Kentucky by a Texas woman alleging that she and millions of other
customers were harmed by the release of personal account information.

Officials representing Zappos in Nevada and parent company Amazon in
Seattle declined comment Wednesday on the lawsuit filed in U.S.
District Court in Louisville.

The lawsuit was filed Monday after Zappos chief executive Tony Hsieh
alerted employees and customers by email Sunday that names, phone
numbers and email addresses of the shoe retailer’s customers may have
been accessed in a hacker attack. The company said customers’ credit
card and payment information weren’t stolen.

Zappos urged customers to reset passwords to accounts and any other
websites where they use similar passwords.

Zappos said the hacker gained access to its internal network and
systems through one of the company’s servers in Kentucky. Zappos is
based in Henderson, near Las Vegas, and owned by Amazon.com Inc.

Attorneys for plaintiff Theresa D. Stevens of Beaumont, Texas, are
seeking class-action status on behalf of 24 million customers for what
the lawsuit alleges was a violation of the federal Fair Credit
Reporting Act.

“There’s no question there’s been a breach here. Passwords had to be
changed,” said Ben Barnow, a Chicago-based plaintiff’s lawyer working
with Mark Gray of Louisville in the case.

Barnow said he feared the pilfered personal data could be sold by the hacker.

“I think it’s clear this type of information is for sale,” he said.
“The risk is hanging out there.”

The civil negligence lawsuit seeks unspecified millions of dollars in
compensatory and exemplary damages for emotional distress and loss of
privacy, along with a court order for the company to pay for customer
credit monitoring and identity theft insurance and periodic audits to
ensure customer data is secure.

Zappos representative Diane Coffey in Boston and Amazon spokeswoman
Mary Osako in Seattle said both companies have policies against
commenting on litigation.

The Las Vegas Sun reported Wednesday on the case, which has been
referred to a magistrate in Louisville. Court records show that
company lawyers haven’t answered the lawsuit, and no hearing dates
were immediately set.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/