Online shoe retailer Zappos wanted the Supreme Court to throw out a class action suit filed by its customers whose personal information was stolen. The Court told Zappos: no.
Andrew Chung filed this report on the Zappos case for Reuters:
The justices denied an appeal by Zappos, a subsidiary of Amazon.com Inc, of a ruling by a California-based federal appeals court that revived the lawsuit, dealing a setback to the company and business groups seeking to limit their liability in data breaches, an increasingly common problem in the internet age.
The case hinges on whether customers whose data has been stolen can sue the company that was hacked even if that information was not used for nefarious purposes such as identity theft or fraudulent charges.
Zappos said customers whose data is not used in those ways are not harmed to such a degree that can sustain a federal lawsuit. But the customers said that after a breach their information can be misused at any time, even years later, and long before the fraud is discovered.
Hackers broke into Zappos’ computer systems in January 2012, gaining access to servers containing identifying information for 24 million customers, including names, contact details and partial credit card numbers.
People who purchased shoes and other items from Zappos filed several proposed class-action lawsuits, saying Zappos used unprotected servers and did not properly encrypt the data. Zappos says it acted swiftly so that passwords could be reset, preventing serious harm.
