LOUISVILLE (CN) – A federal class action claims Zappos.com and its corporate parent Amazon.com compromised 24 million people’s personal information by letting hackers into “unprotected servers” in western Kentucky.
The class claims: “On January 16, 2012, plaintiff and over 24 million class members received an email from Zappos.com notifying them that their PCAI [personal customer account information] had been stolen and/or compromised.
“According to Tony Hsieh, the Zappos.com CEO, plaintiff’s and class members’ PCAI including, inter alia, their names, account numbers, passwords, email addresses, billing and shipping address, phone numbers, and the last four digits of the credit cards used to make purchases was stolen by hackers who gained access to Zappos.com’s internal network through its unprotected servers located in, on information and believe, Shepherdsville, Kentucky.”
Amazon bought Zappos in 2009.
The class seeks damages and exemplary for privacy invasion, negligence, and willful and negligent violation of the Fair Credit Reporting Act, plus costs and credit monitoring.
Their lead counsel is Mark Gray with Gray & White of Louisville.