In 2012, 24 million Zappos customers found out that hackers had accessed their personal information. Since then, customers have fought to sue Zappos, Amazon’s online shoe retailer, over the data breach. Now, the U.S. Supreme Court has rejected an appeal, meaning they can move forward with a class-action lawsuit against the company for the breach that left them vulnerable to identity theft and fraud.
Zappos was trying to appeal a ruling by a San Francisco-based appeals court that allowed the case to continue, even though there was little evidence of actual harm to consumers. As the Hill notes, in its appeal to the Supreme Court, Zappos argued that “a database holding customers’ personal information is accessed, but virtually no identity theft or fraud results–is an increasingly common one.” That said, even Zappos admitted that “around two dozen consumers said their data was misused following the breach.” Consumer advocates argue that due to the nature of the data accessed in such breaches, they are at risk of facing harm in the form of identity theft or fraud at any time, even years later, and long before the fraud is discovered.
The high court’s decision is a victory for consumers who had their personal data exposed on the site, but could be a cause for alarm to other companies that have been breached, including Equifax, Marriott, and Google.