Amazon.com Sued Over Zappos.com Data Theft Affecting 24+ Million Customers

Amazon.com faces a class action lawsuit (below) over cyber theft of personal account data from more than 24 million customers that did business with the company’s Zappos.com unit.

A Kentucky law firm filed the lawsuit against Zappos.com just one day after the footwear e-tailer’s servers storing customer account information were hacked.

According to Zappos.com CEO Tony Hsieh, customers’ names, e-mail addresses, the last 4 digits of their credit card numbers, birthdays, billing and shipping addresses, phone numbers, and cryptographically scrambled passwords were stolen.

Hsieh advised the company’s employees of the breach via email on Sunday, January 16, 2012:

We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.

Of course, at such an early stage in the investigation, the Zappos.com CEO almost certainly had no idea whether the theft of customers’ personal data was the work of a single individual (“a criminal”), a larger number of people, or a collective of groups working together to carry out the hack.

In an e-mail allegedly sent to all affected customers, Zappos.com tried to reassure them that the footwear merchant actually had “better news: The database that stores your critical credit card and other payment data was NOT affected or accessed.”

You can read the class action against Amazon.com over theft of Zappos.com customers’ data below, and follow the case docket here.

Class-Action Complaint Over Zappos Customer Data Breach: Stevens v. Amazon.com

Photo credit: grafvision/Shutterstock.com