Customer account information included in breach . . .

Recently, the records of the large on line store Zappos.com were compromised. This breach affected 24 million customers. Included in the breach was customer account information, including names, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit card numbers and encrypted passwords.

The questioned posed by some would be ” Why was Zappos holding on to this information? If the answer is they needed it , then why wasn’t it stored elsewhere and encrypted rather than stored in plain text, except for the initial passwords for access.”

A professor from Indiana University’s Maurer School of Law urges organizations to carefully review whether they are collecting and storing more data than they need and put a retention schedule in place. The simple rule is this, “The more data you have the more you are responsible for, which exponentially increases your risk.”