Online retailer Zappos will give customers a 10 percent discount to its online store as settlement for a 2012 data breach that affected 24 million customers, while lawyers in the case will win $1.6 million in fees.
The news shows customers once again getting the short end of the stick when it comes to financial restitution for data breaches, in which lawyers and government regulators tend to get the biggest payoff.
The company unveiled the settlement in a notice of class action from the U.S. District Court, District of Nevada posted on the company’s website, which also included links to relevant court documents (PDF). In the breach, attackers compromised Zappos systems and accessed personal information belonging to more than 24 million of its customers.
Zappos is a large retailer, mainly known for its shoe business, though it also sells a large range of other goods, including clothing and accessories.
The settlement notice applies to “anyone who had an online Zappos.com account on or before January 15, 2012, and for whom Zappos had an email address for the account in its records at that time,” according to the post.
Those affected must follow certain conditions outlined in the settlement and respond by Nov. 29, 2019. People also can choose to opt out of the settlement, which also must be completed by the same date.
If a user chooses to “do nothing,” he or she “will not receive a benefit of the settlement and you will give up certain legal rights,” according to the settlement.
Users also have the option to object to the settlement and participate in a Final Approval Hearing regarding the case.
Zappos also agreed to a pay a service award of $2,500 to each of the 10 class representatives in the suit, for a total of $22,500, subject to court approval, according to the settlement.
Still, while those directly affected by the breach get a settlement that potentially benefits the company that did not aptly protect their data, lawyers who fought the class-action suit garnered the most financial benefit–an award of $1.6 million in fees.
In 2015 Zappos also settled with attorneys general in nine states over the breach, agreeing to pay out $106,000 to Massachusetts, Arizona, Connecticut, Florida, Kentucky, Maryland, North Carolina, Ohio and Pennsylvania.
The disparity in settlements recently led to hundreds of thousands of users affected in the 2017 Equifax breach signing a petition in anger at what they viewed was a lackluster settlement that wouldn’t reward those most affected.
The petition argues that even though Equifax made a hefty financial settlement with government officials over that breach, very little of that cash will trickle down to those who actually suffered because of it. That breach affected 150 million customers.
“It’s time WE send a clear and powerful message — to Equifax, the FTC and Washington in general: DO YOUR JOB. PROTECT US and not corporate executives,” according to the petition, started by Charles Kokoska of Oneida, NY.
What are the top cybersecurity issues associated with privileged account access and credential governance? Experts from Thycotic on Oct. 23 will discuss during our upcoming free Threatpost webinar, “Hackers and Security Pros: Where They Agree & Disagree When It Comes to Your Privileged Access Security.” Click here to register.