Kathleen G. Kane - Pennsylvania Office of Attorney General - Protecting Pennsylvanians

  

January 25, 2012

Attorney General Kelly seeks information about consumer impact of data breach at Zappos.com

HARRISBURG - Attorney General Linda Kelly has joined with attorneys general from eight other states in seeking information about the impact on consumers of a recent hacking attack that targeted online retailer Zappos.com. 

"This incident raises concerns for more than 24 million consumers across the country whose private information may have been compromised," Kelly said. "We have requested details about how the breach occurred, the number of customers affected, how and when those consumers were contacted and what security steps Zappos is taking in response to this incident."

Kelly said the letter seeking information about the data breach was sent to the chief executive officer of the Nevada-based online retailer on behalf of the attorneys general from Connecticut, Florida, Kentucky, Massachusetts, North Carolina and New York, along with several other states whose laws prohibit the disclosure of investigations.

"Any data breach triggers concerns about the possibility that innocent consumers will become targets for fraud, e-mail 'phishing' schemes and other scams," Kelly said. "It is essential that businesses take adequate steps to protect the confidentiality and security of private consumer information and respond promptly to any attacks on that data."

Kelly noted that according to published reports, the hacking at Zappos affected parts of the company's internal network and systems, compromising a wide array of personal customer information, including names, billing and shipping addresses, e-mail addresses, phone numbers and encrypted passwords.

Kelly noted that Pennsylvania's Breach of Personal Information Notification Act, approved in 2005, requires businesses to notify Pennsylvania consumers "without unreasonable delay" of any data breach that involves their "personal information" (as defined in that Act).

The company has been asked to respond to the states' inquiry no later than January 27th, with the information to be shared between all of the participating Attorneys General.

Consumers who may be affected by this breach are urged to review tips and information about preventing or responding to identity theft, included in the "Your Money" section of the Attorney General's website (Click on the "ID theft Toolkit" button).