Under Review: 
No Review
Date Breach Made Public: 
January 15, 2012
Las Vegas , NV
United States

Customers with questions about their Zappos passwords may email

Records Breached: 

24 million (No financial information or SSNs reported)

Breach Total Number: 
Year of Breach: 
Type of organization: 
Type of breach: 

Customers were informed that their customer account information on may have been illegally accessed by unauthorized parties.  Customer names, email addresses, billing and shipping addresses, phone numbers, final four digits of credit card numbers, and/or cryptographically scrambled passwords were linked to customer accounts and could have been obtained. The secure database that stores detailed credit card and payment information was not affected by the breach or accessed. Since passwords may have been affected, customers should change their passwords and make sure that their old password is not used for any other sites.

UPDATE (1/21/2012): A resident of Texas is suing and Zappos' parent company on behalf of millions of customers who were affected by the release of personal account information.  The lawsuit is being filed in Kentucky.

UPDATE (9/22/2014):  A federal judge has denied a motion by Zappos to dismiss a class action lawsuit for a breach of customer data in 2012. Reportedly, the parties are nearing a settlement.

More Information: