Office of the Attorney General
Attorney General Conway Joins Other States Seeking Information about Recent Data Breach at Zappos.com, Inc.

Press Release Date:  Monday, January 23, 2012  
Revision Date:  Monday, January 30, 2012 
Contact Information:  Shelley Catharine Johnson
Deputy Communications Director
502-696-5659 (office)
 


Attorney General Jack Conway is joining the attorneys general from nine other states in seeking information about the recent data breach at Zappos.com, Inc. that affected more than 24 million customers nationwide. In a letter written by Connecticut Attorney General George Jepsen to Zappos.com, the attorneys general ask the online retailer to provide details about the company's actions in response to the breach and its efforts to protect consumers' sensitive information.

"News of a data security breach is always a concern for consumers who risk having their identities stolen and personal financial accounts compromised," General Conway said. "We believe it is important to ask companies about the adequacy of their security practices and to ensure they are doing all they can to notify consumers in the event of an online security breach."

Information on Zappo's website indicates that a hacker accessed parts of its internal network and systems, gaining access to customer personal information such as names and addresses, email addresses, phone numbers, encrypted passwords, and the last four digits of credit card numbers (but not the database that stores credit card and other payment data). In addition to information about Zappo's efforts and actions in response to the breach, the states are also seeking information about the breach and the identification and notification of affected customers. Other states named in the letter include Florida, Massachusetts, North Carolina, New York and Pennsylvania.

For information on how to protect yourself against identity theft, in light of the Zappos.com data breach, visit the Federal Trade Commission's OnGuardOnline.Gov service at http://tinyurl.com/7ylnkhr

These steps include:

  • Changing your passwords or login IDs for other accounts, if you used the same passwords or IDs on your Zappos account.
  • Watch out for "phishing" scams (emails that appear to be from Zappos but are really from a scammer) asking for your credit card number or other sensitive personal information (like a Social Security number).
  • Monitor your accounts and billing statements, and review them regularly for charges you do not recognize.
  • Monitor your credit reports for accuracy. You are entitled to a free copy of your credit report every 12 months from each of the three nationwide consumer reporting agencies (Equifax, Experian, and TransUnion). Go to www.annualcreditreport.com for information or to order your free reports.

For additional consumer protection tips or to access a consumer protection complaint form, please visit http://ag.ky.gov/consumers

Link to the letter to Zappos.com http://goo.gl/BvCiQ