- Following its 2012 data breach of 24 million customers, online retailer Zappos proposed a reconciliation with victims in the form of a one-time, 10% discount on a Zappos.com online or mobile purchase, according to the company's settlement site.
- If customers want exemption from the settlement they "must send a letter requesting exclusion" by Nov. 29, "or else you're bound by the settlement," according to Zappos. "You may only opt out if you do not use or transfer your discount code."
- Emails sent to customers who shopped with Zappos at the time of the breach were informed their discount is applicable until the end of the year. The email, attached with a copy of the settlement agreement, revealed Zappos' attorneys will earn nearly $1.6 million in fees.
Though the settlement is waiting approval from judges of the United States District Court for the District of Nevada, Zappos' settlement attempt is bold in that it does not provide monetary payment — and requires customers to spend money.
Earlier this year, Yahoo's proposed breach settlement was rejected because the "relief" that company offered was insufficient. Yahoo was and still is offering monetary compensation to victims. Equifax's breach settlement included cash payouts to victims, valued at about $125.
Zappos, on the other hand, is offering a discount, which would require customers to give the retailer money, "not to mention you'd have to give your personal information to the company with a data breach again," commented one consumer on a public forum.
The retailer was already issued a $106,000 penalty in 2015 with nine states pertaining to the breach. The settlement required the company to take on further security measures.
The Federal Trade Commission wants more authority over breach-related incidents, but the U.S. is in legislative limbo. The California Consumer Protection Act is the closest law to the European Union's GDPR as a federal data privacy law is a distant notion.
Other companies, including Equifax, Uber, Google and Marriott International, were slapped with six- and nine-digit fines for "negligent" data breaches.