Gunster Blog
Zappos Hit Hard By Cyber Attack
by Bob White - Posted In: Gunster, Technology & Entrepreneurial Companies
The popular shoe and apparel ecommerce website Zappos recently suffered a significant cyber attack and data breach. While the exact details of this incident were not disclosed, this appears to have been a massive attack on Zappos’ system. Some confidential customer data was compromised in this attack and was obtained by the hackers.
It appears that approximately 24 million Zappos customers were potentially affected by this attack. In a January 15, 2012 email to employees and customers, the company said that these hackers gained access to customers’ names, e-mail addresses, billing and shipping addresses, phone numbers, some credit card number information and encrypted passwords (not actual passwords). Full credit card information was stored on a separate server and was not stolen in this attack.
Zappos said that it had reset customers’ passwords and would be taking other steps. The company mobilized all employees to assist customers through this difficult situation. The company also shut down its telephone system due to the expected volume of calls and will communicate by email.
It is unfortunate that this attack happened to Zappos, as it has been a popular website and has been a model of how a good ecommerce site can operate. Zappos reacted quickly to this attack, and it seems that the company has not shied away from making tough decisions in dealing with this situation. Only time will tell how effective Zappos’ efforts will be, but the preliminary indications are that they reacted well to a very difficult situation.
Unfortunately, this serious incident is only the next step in what we believe will be a continuing series of these cyber attacks. Companies continue to develop more sophisticated defenses against these attacks, but it is clear that hackers will also continue to increase the sophistication of their efforts. We believe that these attacks will continue and that they will increase in severity and sophistication.
Any company with an online presence should pay close attention to the attack on Zappos and evaluate its own situation in light of this incident. Remember that all companies that store any kind of personal or sensitive information are vulnerable to these attacks, regardless of the nature of their business. The efforts required to respond to these attacks are substantial and very expensive, and they require a significant amount of damage control (both to minimize legal liability and to mitigate and reduce damages to the company’s brand and reputation).
Every situation is different, but any cyber attack demands several things from a company. First, a very quick response is needed. The company must also get quick and accurate advice from its advisors (particularly technology experts and lawyers) to assure that its response plan has the desired effects. Companies should evaluate other possible protective measures, such as cyber insurance. At a minimum, all companies with any exposure to a cyber attack should have the proper defensive measures in place to prevent or mitigate a cyber attack and a detailed plan for dealing with an attack when it happens. The time to figure out what to do is before an attack happens, not after.
Tags: Robert C. White, Jr.
