Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m

Seven-years-old class-action lawsuit nears its end, but data breach victims won't be happy.
Written by Catalin Cimpanu, Contributor
Image: Zappos

Zappos users who had their data stolen in a 2012 data breach will receive only a meager 10% discount to use on the Zappos online store, as part of a proposed class-action lawsuit settlement.

Their lawyers, on the other hand, are set to receive $1,620,000 in attorneys' fees and other legal costs, according to a preliminary settlement filed last month.

The settlement marks yet another case where data breach victims walk away with nothing following devastating data breaches -- such as the Yahoo settlement (where user cash compensation was maxed at $358.80) and the Equifax settlement (where user cash compensation was maxed at $125, and possibly lower).

The Zappos settlement is not final and is still pending a judge's approval, scheduled for December 20.

However, this is the first settlement on which both parties have formally agreed following a drawn-out, seven-years-old lawsuit that almost reached the US Supreme Court, and is very likely to receive formal approval from the case judge.

Zappos 2012 data breach

The class-action lawsuit stems from a security breach at Zappos, an online shoe retail store that Amazon bought in 2009. Hackers breached Zappos servers and stole the personal data, excluding payment card details, for more than 24 million customers [1, 2, 3].

Impacted users filed a class-action lawsuit following the hack, claiming that Zappos did not adequately protect their data, and demanding reparations.

Zappos initially managed to have the class-action dismissed, but plaintiffs won on the appeal. Zappos' attempt to have the case heard at the US Supreme Court failed earlier this year, forcing the company to enter a settlement with the victims.

Preliminary settlement

Following months of negotiations and back and forward, the two parties finally reached a preliminary settlement on September 19. As part of the proposed settlement, Zappos will not be admitting to any fault in the security breach.

The preliminary settlement's terms have been published on the class-action lawsuit's website.

According to court documents, class lawyers will be emailing impacted Zappos users this month to inform them of the settlement's terms, ways they can opt-out and file a new lawsuit, or ways in which they can file objections to deny the settlement's approval.

Barring any major development on December 20, which usually doesn't happen, the settlement is as good as final.

Following its formal approval by the class-action judge, users will have 60 days to request and use their 10% discount. Probably not the outcome many Zappos users were expecting.

Zappos could not be immediately reached for comment.

2012: Looking back at the major hacks, leaks and data breaches

Editorial standards