Class-action suit filed over Zappos computer data leak

Zappos CEO Tony Hsieh responds to questions from the media on Monday, January 16, 2012, one day after the online retailer’s website was hacked. The cyber-attack did not compromise Zappo’s credit card database, but the hacker may have accessed users’ personal data such as name, address, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers and online passwords.

An attorney wasted little time this week in suing Amazon.com and its Zappos.com subsidiary over a data breach potentially affecting some 24 million Zappos.com customers.

Attorney Mark Gray filed suit Monday in Louisville, Ky., federal court in that city on behalf of Zappos customer Theresa D. Stevens, of Beaumont, Texas.

The suit is proposed to be a class action representing all affected Zappos customers.

"This is a consumer class-action lawsuit brought by plaintiff, individually and on behalf of over 24 million similarly-situated persons whose Zappos.com personal customer account information including names, account numbers, passwords, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit cards used to make purchases was stolen by hackers who gained access to Zappos.com’s internal network through the company’s unprotected servers located in western Kentucky," the suit says.

Gray, of Louisville, contended in the suit that Amazon and Zappos violated the federal Fair Credit Reporting Act by failing to protect customers’ personal account information and that the companies' customers suffered an "invasion of privacy by the public disclosure of private facts."

The suit seeks damages that are unspecified but are more than $5 million. They include actual and statutory damages, mental anguish damages and exemplary damages "as punishment and to deter such wrongful conduct in the future."

Zappos CEO Tony Hsieh said in a blog post Sunday that the database that stores customers’ critical credit card and other payment data was not affected by the security breach.

But the lawsuit says customers nevertheless have to worry now about being targeted by identify theft schemes or even "phishing," in which a criminal may pose as being with Zappos, set up a fake Zappos website and try to contact customers to gain their bank account numbers, login information or Social Security numbers.

"Plaintiff and class members were and continue to be damaged in the form of expenses for credit monitoring and identity theft insurance, out-of-pocket expenses, anxiety, emotional distress, loss of privacy and other economic and non-economic harm,” the suit says.

Attorneys for Amazon, based in Seattle, and Zappos, based in Henderson, have not yet answered the lawsuit. A request for comment on the lawsuit was placed with the companies, but company officials couldn't immediately be reached for comment Wednesday.

Business

Share