Online Retailer Zappos Settles Data Breach Complaint with NC, 8 Other States
Online retailer Zappos.com has reached a settlement with nine states that will compel the company to better protect customer data.
In the settlement agreement between the company and nine state attorneys general, Zappos will pay a total of $106,000 in fines, including $11,111 to North Carolina to fund consumer protection efforts.
The other states in the settlement are Arizona, Connecticut, Florida, Kentucky, Maryland, Massachusetts, Ohio, and Pennsylvania.
The settlement follows a 2012 data breach that exposed the names, billing and shipping addresses, email addresses, phone numbers and login credentials of Zappos' customers.
"When you entrust your personal information to a business, you expect that business to keep it safe," Attorney General Roy Cooper said in a statement. "Businesses must take the threat of a security breach seriously, and they must do more to protect consumers' data."
Along with the monetary payout, Zappos is required to better secure customer information and prevent future breaches. The company must:
- Maintain and comply with information security policies and procedures;
- Provide the attorneys general with its current security policy regarding customer information;
- Provide the attorneys general with copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years;
- Have a third party conduct an audit of its security of personal information, provide the audit report to the attorneys general, and address any identified deficiencies; and
- Provide annual training to employees regarding its security policies.
Cooper advises consumers to regularly check their credit report to spot potential problems. Consumers can get one free credit report per year from each of the three credit reporting agencies at annualcreditreport.com or by calling 1-877-322-8228.