Zappos.com, Inc., will pay $106,000 as part of a settlement with nine states after a data breach allegedly exposed customer’s personal information, the office of Maryland Attorney General Brian Frosh announced on Wednesday.
The breach allegedly exposed customers' names, billing and shipping addresses, phone numbers, log-in credentials and email addresses.
The online shoe retailer maintains that the 2012 breach did not expose full credit card information or other personal data, but agreed to the deal, which includes improving its information system to prevent further breaches.
As part of the settlement, Zappos agreed to audit its information system and provide each attorney general named in the settlement with the results of the security audit. It then must rectify any deficiencies found in the audit.
The company, which is based in Las Vegas, Nevada, will also update its policies for security and protection of personal information, which includes patch management and vulnerability assessments.
Zappos also agreed to provide documents that show compliance with industry security standards and will hold annual security training for all its employees.
Other states named in the settlement include Arizona, North Carolina, Connecticut, Kentucky, Florida, Ohio, Massachusetts and Pennsylvania.