Zappos Data Breach consolation might be the most egregious one yet

Originally published at: https://boingboing.net/2019/10/23/zappos-data-breach-consolation.html

…

I used to use Zappos for all of my shoe purchases – their selection and prices used to be terrific.

Since they became an Amazon company, they’ve steadily gotten worse and worse, and I haven’t used them in years. And I’m certainly not going to buy a 10% off pair of shoes to thank them for exposing my personal data.

Yes, let’s be clear “Zappos” here is “Amazon.” Like Woot, another entrepreneurial, creative business sucked into a monopoly that feared competition from it, which has now lost its edge and just plain sucks. Where is the ghost of Teddy Roosevelt and other trust-busting Republicans?

I got the same email. Not sure I’ve ever been insulted by a data breach notification before. The email is pretty impressive in the amount of stupid they packed into it.

ETA: I’ve been notified that I was part of a data breach 3 times in the last week now. Whee!

10% is really shoddy, given the margins on clothing/shoes, even when it’s Amazon undercutting other outlets.

Hm, interesting. I know for a fact i bought stuff through Zappos before 2012 but i never got such an email from them unless they sent me a physical letter to one of my old addresses? Still i figure that they should’ve emailed me.

To put it all in context, if you go on Zappos right now and buy $100 worth of product, they’ll give you a $25 credit toward your next purchase. So, you know, random strangers get a better deal out of Zappos than the people Zappos already burned.

Side note: It’s important for people to opt out of the Equifax settlement, and you have to send them a letter to do so. That $125 amount will be watered down to almost nothing, and if you suffer actual damages from the breach they will have no responsibility to help you if you accept whatever piddly check they do send you.

I don’t understand how an actual, terrestrial human judge could possibly award advertising coupons as damages. Maybe a company that was circling the drain could be allowed to pay its victims in shoes or something, but a 10% off coupon is not in any way “compensation”.

If this is what the respective lawyers came up with, then the lawyers for the class probably need to be sued for malpractice; if a judge came up with it, you would think / hope it could be appealed.

Anyway, this kind of thing always seems like going through the motions. The fact is, there is no level of compensation that would make it OK for companies to be routinely compiling and then losing giant radioactive datasets. That needs to not be happening in the first place.

"I’m so so so soooorrryy I took your dollar and punched you right in the nose.
But here’s the good news: For only 90¢, I will now punch you in the nose!
Who’s your buddy???"

I still think the Equifax thing is more egregious: not only did they leak more significant data (if someone wants to steal my identity knowing only my shoe size, good luck to them), but that supposed $125 is only available if (a) they can’t force you into accepting credit monitoring instead and (b) no one else shows up to claim it. Realistically, a few people will get the price of a cheap pizza out of it (with no extra toppings), and everyone else will get jack shit in exchange for Equifax smearing their private details all over the Dark Web.

So long as companies get to write their own settlement terms, and the class action lawyers are primarily concerned with guaranteeing the size of their compensation, we’re going to see more of this.

Eventually corporations are going to start fining the end users for data breaches.

FWIW, these types of coupon settlements are pretty rare now and most courts are not going to approve it. This one may one of the last gasp of this type.

And this is a laughably low settlement amount, but it appears that’s mostly because the facts of the case made it very difficult for the plaintiffs. No negligence found, and no actual harm demonstrated from the breach makes it an uphill fight. The $1.6m in attorneys fees and costs for a case filed in 2012 and taken to the Supreme Court and back means that no attorney is making any real money on this, either. Small consolation for a crappy situation, but there it is.

Well, yeah. We’re the ones that put them in this jam to begin with. If we hadn’t recklessly filled their databases with sweet, sweet data, no one would hack them.

I’m reminded of the old and silly lawsuit against Netflix and the phrase “unlimited” DVDs. Netflix settled, I got 2 free DVDs, the person sued got a couple thousand dollars and lawyers made millions. Every class action suit I’ve been involved works out like that.

I got the same email.

What surprised me was that I got the email just after browsing shoe options on Zappos for the first time in years. The one time I used them before, the shoes didn’t fit right and I sent them back. I thought I would try them again, but the prices put me off.

It took me a second to realize this was about a settlement to a data breach I wasn’t aware of, and not some escalation of invasive marketing (come back! We will give you 10% off!).

So, yeah, fuck them. They won’t be reward by me for handling my data poorly.

I got one of those settlement notices. There are two different options: you can opt out of the settlement completely by sending a letter saying you want out. You can, alternately, send a letter saying you disagree with the settlement which is frankly a terrible deal. The second option requires you to stay in and accept the crap terms of the original settlement and doesn’t guarantee anything. It’s all legal shenanigans and either thing pretty much means you get the equivalent of a used condom.
http://www.zapposdatasettlement.com/media/2389309/v5_zsc_notice-web_101119_final.pdf

them are some pretty shoes

is this where robocalls come from?

why do you think you’re being involved?

This topic was automatically closed after 5 days. New replies are no longer allowed.