Experts Weigh In on Zappos’ Security Breach

In the wake of the data security breach at Zappos.com earlier this week, experts lauded the e-tailer for the way it handled the crisis.

On Sunday, the e-commerce firm informed 24 million customers that security had been compromised. A hacker had gained access to names, addresses, phone numbers, scrambled passwords and the last four digits of credit cards. Still, experts said they didn’t foresee the incident having a lasting impact on Zappos.

“As consumers, we tend to have very short memories,” said Marshal Cohen, NPD Group chief industry analyst. “Many times, if a company has a strong enough brand or strong enough customer relationship, which Zappos does, it has the ability to weather the storm.”

In the short term, Cohen predicted that some customers might avoid the site, but he doesn’t expect the traffic change to make a major dent in Zappos’ sales. “There’ll be a small percentage of consumers who already had concerns about fraud, and these events just reinforce their suspicions,” he said. “But the majority of customers who already love the company will allow themselves to re-engage and give [Zappos] a second chance.”

And while the e-tailer may have taken a small hit to its reputation, Zappos took the right step in restoring consumer confidence by addressing the incident quickly, said Dave Wieneke, CEO of digital consulting firm Useful Arts. Although no credit card or other payment information was stolen, Zappos execs sent an email to more than 24 million affected users on Sunday, notifying them of the security breach.

“From what I can tell, [Zappos’] initial response was as immediate and appropriate as it could be,” Wieneke said. “They’re being very quiet about what they know about the incident, whether it was internal, external or done by a virus. So that suggests that they’re working with law enforcement.”

Indeed, CEO Tony Hsieh briefed employees on the incident on Sunday, writing, “We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.”

The company also set up a web page to update consumers who have questions, at Zappos.com/passwordchange.

Zappos could not be reached for comment. In its email to customers, the company said everyone would have to create new passwords for Zappos.com and also recommended changing similar passwords on other sites.

“We’ve spent over 12 years building our reputation, brand and trust with our customers,” said Hsieh in the memo to employees. “It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”

Double Diamond Group founder Todd Ablowitz, whose firm specializes in payment technologies, said hacks like this are part of a larger problem that is now more prevalent with new forms of commerce.

“This is not a one-company problem,” Ablowitz said. “With new ways to make sales, you have a fertile ground for bad guys. And for merchants and consumers, there has to be a new way to regulate security in these environments. It’s going to be an important topic for quite some time.”
