Customer data breach draws federal lawsuit against Nevada-based Zappos, parent company Amazon

Associated Press reports:

Online retailers and are being sued in Kentucky by a Texas woman alleging that she and millions of other customers were harmed by the release of personal account information.


Attorneys for plaintiff Theresa D. Stevens of Beaumont, Texas, are seeking class-action status on behalf of 24 million customers for what the lawsuit alleges was a violation of the federal Fair Credit Reporting Act.

Read more from AP in the Washington Post.

Harmed how? From the story, there’s no actual harm alleged at this point other than an increased risk of harm, which courts have generally not recognized, and emotional distress, which they also have not recognized.  I guess we’ll have to wait and see if this lawsuit also gets dismissed.

About the author: Dissent

Has one comment to “Customer data breach draws federal lawsuit against Nevada-based Zappos, parent company Amazon”

You can leave a reply or Trackback this post.
  1. major_tom - January 24, 2012

    This is the downfall of America. Big businesses know through many other large cases, that the ability to sue these large companies after a breach is slim to none. It depends on the wording, and classification of the lawsuit.

    America has to protect the big businesses, otherwise they would all be looked at as prey. But on the other hand, if the company is looking at the almighty dollar vice implementing security, there may be room for neglect.

    I am truly surprised that all these companies cannot come together and take thier best talent and create a truly secure ecommerce product. Not only will this product be secure, faster, and allow for a better secure supply chain, it will show some unity in the businesses where its usually a catfight day to day.

    If anyone has been in any tirestore and you look at the antiquated systems they use to process orders, one has to wonder how far back in time many major retailers are in that windows as well.

    Company reputation seems only to come to light when it is threatened. If it is bragged upon, then it can become a motivational factor for some one to try to penetrate that company. Its all about fame and/or fortune. Do I Honestly care if a compnay has been hacked? Not really. There are many that get so worked up about an issue they are truly not part of, it becomes this three ring circus that the people responsible feel they can feed off that negativity and keep rolling that stench onto another company.

    This way of doing “business” is truly broken. It’s become a pandemic when people use a credit card openly without thinking of consequences when they store the card on a companies website. I use a payment gateway where ever I can. If they have Paypal, I will use that 100% of the time. In my opinion there is NO viable reason for companies to hold credit card data – none what so ever. Its a matter of convenience that adds a pile of risk that sweetens the pot for those that breach corporations.

    What ever happened to the ” Work smarter, not harder” ? In this age, the only only who seems to be working together are the crooks. The crooks know that getting big business to co-operate is probably never going to happen, so technology will fail across most american businesses and there will always be a ripe target making the news. You have to do one of two things – either severely punish the corporations for their inability to secure PII, to the edge of bankruptcy or for the few hackers/crooks you do catch, make it a mandatory 10 year sentence. Whats the difference if a person walks in the bank or high end retail store wishing to commit a felony, or doing it online which potentially affects alot more people?

    The “class action” is an attempt for some one at another get rich quick attack at a corporation. It could be nothing more than a leech attempt at a corporations bottom line – their pocketbook. These people are nothing more than a person trying to say they were severely damaged when in a mild fender bender. the word “CLASS” should be ammended to say “Classless” action suit. Thats where it belongs.

    There is NOTHING that says a user of ANY site HAS to retain credit card information. Believing in a site that has multiple “hacker free” and “secure” site shields is only raping the corporate world and providing a false sense security that knee-jerks an individual in storing credit cards on a site that is far from secure.

    All I can add is, it can only get better – Risk management and security across the board is near the bottom of the barrel as we speak.

Comments are closed.