The Zappos Data Debacle: How It Happened
There are some types of news stories that always seem to pop up periodically, such as political scandals, athlete arrests, and celebrity divorces. And here in the 21st century, you can add electronic data breaches to that list. The latest one was announced earlier this month by Zappos.com, an online shoe retailer that is owned by e-commerce giant Amazon. This particular breach, however, is instructive regarding how such problems should be addressed by companies going forward.
On January 15, Zappos revealed that a hacker had breached the company's online security measures and gained access to personal information belonging to more than 24 million of its customers. In an e-mail to all of its customers and employees, Zappos CEO Tony Hsieh said that the thief compromised a server in Kentucky and was able to access the company's internal network, though it is not known exactly how the breach occurred.
(This article is based on the facts that have been made known at the time of its writing. Since the probe into the cause of the breach is still ongoing, these conclusions may not be valid as more information becomes available.)
According to Hsieh, the affected customers could have had one or more of these types of data viewed by an unauthorized user:
- name
- physical address (for billing and shipping)
- e-mail address
- telephone number
- last 4 digits of their credit card
- encrypted password
As we look at this list, it becomes apparent that not much real damage could be done to a consumer by a thief armed with this information. After all, the first four entries could be obtained about almost anyone by perusing online information sources. The credit card digits by themselves are of no value (and also frequently appear on retailer receipts), and encrypted passwords are also worthless if the hacker doesn't have the code to decipher them. Even if an unscrupulous individual did succeed in "posing" as an online customer and placing an order on Zappos' website, the real customer could simply dispute the charge after the fact and not be billed for the merchandise.
Zappos made it a point to declare that private information pertaining to customers' credit cards (such as full numbers, security codes, and expiration dates) was not compromised by the data breach. And even though the password data that was stolen was encrypted, Zappos urged all of its customers to change their passwords as a precaution.
Industry watchers are giving Zappos high marks for its handling of this dicey situation. It was clear that Zappos had a plan in place both to announce any breach that was detected and to mitigate the fallout from the discovery. Plus, Zappos complied with PCI standards by storing credit card data in a separate place or using a different encryption method, which prevented the hackers from being able to steal customers' credit card numbers. Zappos also devoted all of its resources to its e-mail support platform, which avoided the bigger PR nightmare that would have come from forcing its telephone customers to wait on hold for lengthy periods of time.
Unfortunately, electronic data breaches are here to stay in the modern world. But if companies that are victimized by hackers do a better job of preparing for these types of calamities beforehand and handling the aftermath intelligently, the adverse effects of these debacles will continue to be minimized.
Image: marlerblog.com