Bondi Reaches Settlement With Zappos Over Data Breach
By Space Coast Daily // January 8, 2015
TALLAHASSEE, FLORIDA —Attorney General Pam Bondi, along with eight other attorneys general, today announced a settlement with Nevada-based online retailer Zappos.com, Inc.
The settlement resolves allegations that Zappos placed consumers’ personal data at risk by allegedly failing to protect financial information during a data breach that occurred in 2012. Zappos has agreed to pay $106,000 to the states and must take certain actions intended to better protect consumers’ information.
Under the terms of the settlement, Zappos is required to:
- Maintain and comply with its information security policies and procedures;
- Provide the attorney generals with its current security policy;
- Provide the attorney generals copies of reports demonstrating compliance with the Payment Card Industry Data Security Standard for two years;
- Have a third party conduct an audit of its security of personal information; and
- Provide relevant training to employees.
The other states participating in the investigation include: Arizona, Connecticut, Kentucky, Maryland, Massachusetts, North Carolina, Ohio, and Pennsylvania.