It’s a truer statement than ever before: we live in the information age. Technology enables myriad conveniences, including the ability to make purchases at any hour of the day without stepping foot into a store. Every once in a while, that technology is compromised.
Popular online retailer Zappos.com has informed over 24 million customers that the database storing their personal information was hacked. Among the data that may have been accessed are customers’ names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of consumers’ credit card numbers and cryptographically scrambled passwords (but not the actual password). Zappos stated that full credit card numbers were not stolen because they were stored separately.
Some might suggest that most of the personally identifying information that was accessed is not particularly private, though others would argue that it should be. In general, names and addresses are easy to come by, and the last four digits of a credit card are found on most sales receipts. That may be why the focus of the company’s announcement about the cyber attack, and its customer-facing action plan, is on the passwords (albeit cryptographically scrambled ones) that may have been accessed.
Zappos automatically expired and reset customer passwords and set up a page instructing customers to create a new password. Further, they recommend that customers change their password on any other websites where the same or a similar password is used.
The Zappos data breach comes on the heels of several large data breaches in 2011 involving customer information. Despite advancements in technology, and retailers’ strongest infrastructure and best intentions, it may be hard to take advantage of technology’s conveniences and feel completely protected at the same time. For more information on data breaches and identity theft protection, please visit ProtectMyID.