logo

Law - Zappos.com, Inc. Customer Data Security Breach Litigation

   

Added on  2022-09-08

6 Pages1073 Words20 Views
LAW
Module: Week 7

Case 1: In re: Zappos.com, Inc. Customer Data Security Breach Litigation
Facts of the case
The parties to the case were 24 million customers of Zappos.com and the entity itself
which is a unit of Amazon.com Inc. based at Seattle. Some of the key details that were
hacked included the names, email addresses, account numbers, billing and shipping
addresses, passwords, and the phone numbers of the customers. This was in addition to the
last four digits of the credit cards, as the same are used to make payments for the purchases.
The access was gained by the hackers through the internal networking through the servers
that were located at Shepherdsville, Kentuck (Greenwald, 2018). Some of the customers
alleged the breach of the privacy, while others did not. The issue was acknowledged by the
Zappos the customers were urged to change their passwords on their accounts.
Discussion of the issues
What were rights of the plaintiffs?
What are the rights of the defendants if any?
Discussion of the arguments
The plaintiffs in this case were the numerous customers that engaged in making
purchases from the said website. The argument presented in their favor is the loss of sensitive
financial and personal details, which can be misused. Further, the fact the entity itself asked
customers to change passwords highlights the gravity of the issue. The advantage of this
argument in the light of the cyber security environment of the present times, the companies
are required to understand the significance of strong cyber security practices and policies.
The argument presented in the favor of the opposition side is the requirement of suffering of
the “injury in fact” and not the possible injury as is required to be proven in the court. This is
referred to as standing. As was held in the case of Clapper v. Amnesty International USA, 568
U.S. 398 (2013), it is necessary for the claimants to prove that they actually suffered the harm
and not that they are making the estimation of the harms that may be caused in such a case.
The advantage of this argument is that the damages must be imposed in relation to the harm
caused and not the estimation of the same (Solove, 2018). However, it must be noted that

even if the harm is not caused at present, such an incident highlights the lack of security
which has the enough potential to cause harm, if the same goes undetected or unaddressed.
Conclusion
I agree with the ruling of the court. It was concluded therein the lack of the sufficient
cyber security controls led to the substantial risk, which further led to the breach of the
sensitive data. The reasoning taken by the court was that the though the harm has not yet
been known, however the nature of the information in the breach would enable the hackers to
engage in one in near future. The positive effect on the society from the ruling is increased
consideration of data of customers in online environment.

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cyber Law - Desklib
|7
|1553
|368

Cyber Crime Law
|8
|1683
|301

Duty of Care and Negligence in a Store
|8
|2207
|26

Loewen Group Inc. and Raymond L Loewen vs the USA ICSID Case No. ARB(AF)/98/3/(June 26, 2003)
|19
|1885
|72

Yahoo Data Breach Case Assignment
|9
|3207
|30

Legal Analysis and Critique of Civil Liability Act: Goode v. Angland Case
|6
|1341
|67