Business Briefs

Zappos settles with NC, other states over data breach

Posted January 7, 2015 12:15 p.m. EST
Updated January 7, 2015 12:27 p.m. EST


— Popular online retailer Zappos will take steps to better protect consumers’ personal information under a settlement with nine states, including North Carolina.

North Carolina Attorney General Roy Cooper said Wednesday that the settlement follows an investigation into a 2012 data breach that resulted in the release of customer names, billing and shipping addresses, email addresses, phone numbers and log-in credentials.

Under the settlement, the shoe and clothing company will pay a total of $106,000 to the states, which include Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, Ohio and Pennsylvania. North Carolina will receive $11,111, which Cooper said will be used to pay for consumer protection efforts.

“When you entrust your personal information to a business, you expect that business to keep it safe,” Cooper said. “Businesses must take the threat of a security breach seriously, and they must do more to protect consumers’ data.”

Zappos said it will take the following steps:

  • Maintain and comply with information security policies and procedures.
  • Provide the attorney generals with its current security policy regarding customer information.
  • Provide the attorney generals copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years.
  • Have a third party conduct an audit of its security of personal information, provide the audit report to the attorneys general, and address any identified deficiencies.
  • Provide annual training to employees regarding its security policies.

“Consumers can also protect themselves through common-sense steps like using a different password for each online account and a low-limit credit card for online purchases,” Cooper said. “It’s also wise to check your credit card statements and your credit report regularly so you can catch problems quickly.”