Supreme Court Rejects Zappos’ Appeal in Long-Running Data Breach Case

Erin E. Clack

The U.S. Supreme Court on Monday shot down an appeal from Zappos, allowing a lawsuit to move forward over a 2012 data breach. Hackers broke into the Amazon-owned company’s computer systems and accessed the personal information (including names, contact details and partial credit card numbers) of some 24 million customers, leaving them vulnerable to fraud and identity theft.

Zappos argued unsuccessfully in its appeal of the San Francisco-based federal appeals court ruling that there was no evidence of concrete injury to customers as a result of the breach. “The factual scenario this case presents — a database holding customers’ personal information is accessed, but virtually no identity theft or fraud results — is an increasingly common one,” the company wrote.

Related stories

Retail Intel: Under Armour Makes a Splash in India With Michael Phelps + Other News

Best Foot Massagers to Soothe Achy, Sore Feet -- Starting at Only $10

Amazon Is Shutting Down Ads for Money-Losing Products

However, Zappos did admit that “around two dozen consumers said their data was misused following the breach,” but pointed out that it acted swiftly following the breach so that passwords could be reset, preventing serious harm.

Zappos’ customers argue that due to the sensitive nature of the data stolen by hackers, they are at substantial risk of having their personal information used for nefarious purposes at any time, even years later, and long before the fraud is discovered.

The rejection of Zappos’ appeal dealt a major blow to the business world, which is looking to limit its liability in such data breaches, which have become a common occurrence as companies increasingly seek and store customer information on their servers.

Prior to the San Francisco appeals court ruling, a federal judge in Nevada determined that only customers who claimed financial losses had legal standing to sue Zappos. The appeals court then reversed that decision, allowing all of the plaintiffs — whether or not they have traceable proof of actual injury — to pursue their litigation.

Want more?

How Shoppers Want Retailers to Respond to Data Breaches

Court Reopens 2012 Zappos Data Breach Litigation

How to Keep Your Information Safe After the Saks, Lord & Taylor, Under Armour Data Hacks

Sign up for FN's Newsletter. For the latest news, follow us on Facebook, Twitter, and Instagram.