Zappos settles with NC, other states over data breach
Posted January 7, 2015
Raleigh, N.C. — Popular online retailer Zappos will take steps to better protect consumers’ personal information under a settlement with nine states, including North Carolina.
North Carolina Attorney General Roy Cooper said Wednesday that the settlement follows an investigation into a 2012 data breach that resulted in the release of customer names, billing and shipping addresses, email addresses, phone numbers and log-in credentials.
Under the settlement, the shoe and clothing company will pay a total of $106,000 to the states, which include Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, Ohio and Pennsylvania. North Carolina will receive $11,111, which Cooper said will be used to pay for consumer protection efforts.
“When you entrust your personal information to a business, you expect that business to keep it safe,” Cooper said. “Businesses must take the threat of a security breach seriously, and they must do more to protect consumers’ data.”
Zappos said it will take the following steps:
- Maintain and comply with information security policies and procedures.
- Provide the attorneys general with its current security policy regarding customer information.
- Provide the attorneys general with copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years.
- Have a third party conduct an audit of its security of personal information, provide the audit report to the attorneys general, and address any identified deficiencies.
- Provide annual training to employees regarding its security policies.
“Consumers can also protect themselves through common-sense steps like using a different password for each online account and a low-limit credit card for online purchases,” Cooper said. “It’s also wise to check your credit card statements and your credit report regularly so you can catch problems quickly.”