Zappos, an online retailer specializing in shoes and accessories, reported on Sunday, January 15th, that its database was the victim of a cyber attack.
The hacker gained access to the company’s network and to personal information belonging to more than 24 million customers. That information includes customer names, email addresses, billing and shipping addresses, phone numbers, the last four digits of the accompanying credit cards, and encrypted passwords.
Zappos alleges the database storing the actual credit card and other payment data was not affected or accessed.
The company immediately “expired and reset” customers’ passwords and provided them with directions on how to change their password. Zappos also advised customers to change their password on any other website where the same or a similar password was being used in association with the customer’s name.
Email is the only channel of communication Zappos is accepting at this time. Regretfully, as of Tuesday, customers outside of the U.S. were unable to access the Zappos website or password reset feature, causing a great deal of frustration.
At this time, Zappos has not provided details as to when the data breach occurred, how long the hackers had access to the systems, or how the breach was detected. Zappos’ discount shoe store, 6pm.com, was also affected; customers of that site have also had their passwords cancelled and are now required to reset them.
If you receive notification of a data breach from any account with your personal information, BBB encourages you to consider the following:
- Zappos and 6pm.com customers should visit the company’s website and change their password immediately.
- If you use the same or similar login with other accounts, change those passwords as well.
- Monitor your Zappos account. There is some blog and chat room evidence that credit card accounts are beginning to show fraudulent activity.
- Visit www.annualcreditreport.com and place a “fraud alert” on your credit report. This alert tells the credit reporting agencies that your identity may have been stolen. They will monitor your report for any unusual credit activity. This alert lasts 90 days.
- Contact the organization that is the victim of the data breach and ask if they are going to provide free credit report monitoring services.
- Watch for increases in email phishing attempts. Hackers may have the last four digits of your credit card information. You are likely to be contacted by a scam artist who uses that “known” information to convince you to divulge the other numbers.
To limit your exposure to identity theft through credit card fraud, consider the following:
- Only conduct business with a credible online retailer. Confirm the legitimacy of the company through bbb.org, whois.net, and an internet search for the company’s name together with the words “scam,” “complaints” or “reviews.”
- Consider online shopping with one particular card so it is easy to monitor.
- Use exclusive passwords for online shopping. Do not use the same passwords for online banking or other financial transactions, in which there is greater risk if a security breach occurs. Use a different password for different sites. Never use your name in a password. Change passwords often.
- Manage your passwords. Storing them at home or in your cell phone increases the risk of identity theft. An automated solution generates unique passwords, stores them in one database and unlocks that database with one master key. Consider apps for your smartphone and free services such as KeePass (not to be confused with KeyPass, which has an annual cost).