Sued Over Data Theft Affecting 24+ Million Customers

by faces a class action lawsuit (below) over cyber theft of personal account data from more than 24 million customers that did business with the company’s unit.

A Kentucky law firm filed the lawsuit against just one day after the footwear e-tailer’s servers storing customer account information were hacked.

According to CEO Tony Hsieh, customers’ names, e-mail addresses, the last 4 digits of their credit card numbers, birthdays, billing and shipping addresses, phone numbers, and cryptographically scrambled passwords were stolen.

Hsieh advised the company’s employees of the breach via email on Sunday, January 16, 2012:

We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.

Of course, at such an early stage in the investigation, the CEO almost certainly had no idea whether the theft of customers’ personal data was the work of a single individual (“a criminal”), a larger number of people, or a collective of groups working together to carry out the hack.

In an e-mail allegedly sent to all affected customers, tried to reassure them that the footwear merchant actually had “better news: The database that stores your critical credit card and other payment data was NOT affected or accessed.”

You can read the class action against over theft of customers’ data below, and follow the case docket here.

Class-Action Complaint Over Zappos Customer Data Breach: Stevens v.

Photo credit: grafvision/