Zappos Data Breach

This week, I sent a letter to Zappos regarding the data breach of sensitive customer information after an attack on one of its servers. I am pleased that Zappos has implemented strong data security practices and appears to be responding responsibly in the wake of this breach.

While no financial information was accessed, criminals can use personal information to gain access to consumers’ accounts and commit identity theft and fraud. I have asked that Zappos provide its customers with the option of receiving two years of credit monitoring and a credit freeze, as well as paying any costs resulting from the security breach.

Regrettably, the practices that Zappos employed are not the norm. This is why I have introduced S. 1535, the Personal Data Protection and Breach Accountability Act. This bill ensures companies take adequate steps to protect individuals from data breaches before they occur, to promote information sharing between companies to help prevent future breaches, and to provide remedies to consumers in the wake of data breaches. Last year, the Senate Judiciary Committee passed this bill out of committee, and I await its consideration on the Senate floor.

To prevent further unauthorized access, Zappos has asked that all users create a new password. You can do that by clicking here.