Zappos settles claims from Mass. over breach

BOSTON – Nevada-based online retailer Zappos.com Inc. has agreed to pay a total of $106,000 and take actions to better protect consumers’ information following a 2012 data breach that placed consumers’ personal data at risk, outgoing Attorney General Martha Coakley announced this month.
The assurance of discontinuance was joined by attorneys general in eight other states, including Arizona, Connecticut, Florida, Kentucky, Maryland, North Carolina, Ohio and Pennsylvania.
An investigation following the unauthorized access of one of Zappos’ computer servers in January 2012 revealed that the server contained customer names, billing and shipping addresses, telephone numbers, the last four digits of credit card numbers, and login credentials of customers. There was no evidence that full credit or debit card numbers or other payment data was impacted by the breach. More than 740,000 Massachusetts residents were affected.
Under the terms of the settlement, Massachusetts will receive more than $11,000. Other selected provisions include:
• Maintain and comply with its information security policies and procedures.
• Provide the attorneys general with its current security policy regarding customer information.
• Provide the attorneys general copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years. •

No posts to display