In re Zappos.com, Inc., Customer Data Security Breach Litigation
|In re Zappos.com, Inc., Customer Data Security Breach Litigation|
|Court||United States District Court for the District of Nevada|
|Decided||September 27, 2012|
|Defendant||Amazon.com, Inc., dba Zappos.com|
|Prosecution||Stacy Penson, Stephanie Priera, Robert Ree, Josh Richards, Christa Seal, Shari Simon, Mrs. Sylvia St. Lawrence, Theresa D. Stevens, Kathryn Vorhoff, Brooke C. Brown, Tara J. Elliott and Ms. Dahlia Habashy|
|Citation(s)||893 F. Supp. 2d 1058|
|Judge(s) sitting||Robert Clive Jones|
Zappos has a customer base of over 24 million people. In January 2012, Zappos suffered a data security breach that gave hackers personal information of their customers. While the security breach exposed names, addresses, and phone numbers of Zappos customers, it did not expose the customers' credit card information. After Zappos became aware of the security breach, Zappos sent an email to its customers notifying them of the security breach and advised that they change their login credentials on the site.
Several Zappos customers independently filed suit against Zappos claiming that their business model did not protect the valuable information of their customers. Plaintiffs listed twelve causes of action for the suit accusing Zappos of not taking adequate measures to safeguard customers' personally identifiable information. By June 2012, there were nine lawsuits in progress, originating from five court districts.
After the lawsuits multiplied, Zappos moved to consolidate these pre-trial proceedings into a centralized forum. The Judicial Panel on Multidistrict Litigation agreed that centralization would help move the cases along by avoiding duplicate work. The most time-saving implementation being a resolution of the facts involved in the case and series of events leading to and following the security breach. Because of the location of the plaintiffs, many suggested their home districts for the centralized proceedings: the District of Nevada, the Western District of Kentucky, the Southern District of Florida, and the District of Massachusetts. The Judicial Panel concluded that the District of Nevada was most appropriate because the breached Zappos servers and their administrators were based in Hendersonville, Nevada.
Any dispute relating in any way to your visit to the Site ... shall be submitted to confidential arbitration in Las Vegas, Nevada, .... You hereby consent to, and waive all defense of lack of personal jurisdiction in the state and federal courts of Nevada.
ACCESSING, BROWSING, OR OTHERWISE USING THE SITE INDICATES YOUR AGREEMENT TO ALL THE TERMS AND CONDITIONS IN THIS AGREEMENT
Opinion of the Court
On 9 September 2013, the Court dismissed most of the common law claims against Zappos. The Court also dismissed a few of the statutory claims, some with leave to amend.
Commentary from law blogs
Law firm Stanfield Hiserodt suggested that the size of the case, with 24 million claimants in the class action, may have played a role in the decision. Stanfield drew attention to the impossibility of having all 24 million individuals visit Nevada for arbitration.
- Text of In re Zappos.com, Inc., Customer Data Security Breach Litigation is available from: CourtListener Google Scholar Justia Leagle Santa Clara Law Digital Commons RECAP Archive
- Other filings in the case: CourtListener Justia Dockets & Filings
- Similar opinions, cited in the Zappos opinion, on browsewrap: Hines v. Overstock. com, Inc., Van Tassell et al v. United Marketing Group, LLC et al
- Goldman, Eric. "How Zappos' User Agreement Failed In Court and Left Zappos Legally Naked". Retrieved 1 October 2013.
- "WSGR Alert: Federal District Court Refuses to Compel Arbitration, Holding That Zappos.com's "Browsewrap" Agreement Was Not a Valid Contract". Wilson Sonsini Goodrich & Rosati. Retrieved 1 October 2013.
- Hsieh, Tony. "Security Email". Retrieved 2 October 2013.
- Boyd, Gregory S. "Court Invalidates Zappos' Browsewrap Agreement". Retrieved 1 October 2013.
- Jones, Robert C. "ORDER". Justia Dockets & Filings. Retrieved 27 October 2013.
- Heyburn II, John G. "TRANSFER ORDER". Justia Dockets & Filings. Retrieved 26 October 2013.
- Stanfield, Paul. "Zappos Gets Zapped. Browsewrap Agreements Are Collateral Damage". Austin Technology Blog. Archived from the original on 17 September 2014. Retrieved 1 October 2013.
- Jones, Robert C. "Order". Justia Dockets & Filings. Retrieved 27 October 2013.
- McKeown, M. Margaret. "CHIRON CORP. v. ORTHO DIAGNOSTIC SYSTEMS, INC". Legale. Retrieved 27 October 2013.
- "Zappos and its effect on "browsewrap" agreements". Retrieved 2 October 2013.