Business Briefs

Zappos settles with NC, other states over data breach

Posted January 7, 2015


— Popular online retailer Zappos will take steps to better protect consumers’ personal information under a settlement with nine states, including North Carolina.

North Carolina Attorney General Roy Cooper said Wednesday that the settlement follows an investigation into a 2012 data breach that resulted in the release of customer names, billing and shipping addresses, email addresses, phone numbers and log-in credentials.

Under the settlement, the shoe and clothing company will pay a total of $106,000 to the states, which include Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, Ohio and Pennsylvania. North Carolina will receive $11,111, which Cooper said will be used to pay for consumer protection efforts.

“When you entrust your personal information to a business, you expect that business to keep it safe,” Cooper said. “Businesses must take the threat of a security breach seriously, and they must do more to protect consumers’ data.”

Zappos said it will take the following steps:

  • Maintain and comply with information security policies and procedures.
  • Provide the attorney generals with its current security policy regarding customer information.
  • Provide the attorney generals copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years.
  • Have a third party conduct an audit of its security of personal information, provide the audit report to the attorneys general, and address any identified deficiencies.
  • Provide annual training to employees regarding its security policies.

“Consumers can also protect themselves through common-sense steps like using a different password for each online account and a low-limit credit card for online purchases,” Cooper said. “It’s also wise to check your credit card statements and your credit report regularly so you can catch problems quickly.”


This story is closed for comments.

Oldest First
View all
  • southerngirl1954 Jan 7, 2015

    First I have heard of it!

  • Betsy Riggins Jan 7, 2015
    user avatar

    I understand how consumers were impacted by the breach but can not see how the state itself incurred any damages.

  • Olenc Native Jan 7, 2015
    user avatar

    I love that company.