The United States Supreme Court has rejected an appeal by online shoe company Zappos over a data breach in 2012 that compromised the information of 24 million customers, according to a report from Reuters.
Zappos, which is a subsidiary of Amazon, was appealing the decision by a California-based federal appeals court to bring back the lawsuit. Originally, a Nevada judge claimed only people who had suffered financial loss were eligible for damages.
The crux of the case is whether people whose data was stolen can bring a lawsuit against a company even if the data was not used by any other companies or criminals for things like identity theft or fake charges.
Zappos’ argument is that because customers weren’t harmed by the data breach, a federal lawsuit should not be warranted. Customers argue that stolen information can be used for a long time after it is stolen, and that it could be years before it is even noticed.
The hack occurred in January of 2012 when perpetrators got access to Zappos’ servers and stole names, contact details and segments of credit card numbers.
Zappos customers who bought shoes and other merchandise said the company did not properly encrypt its servers, which allowed for the breach. Zappos said it responded quickly to reset passwords so that no extensive harm was done.
The 9th U.S. Circuit Court of Appeals overturned the Nevada judge’s ruling last year, saying “hackers accessed information that could be used to help commit identity fraud or identity theft.”
That court said Zappos customers can sue if they show there is a future risk of impending harm. The company fought back, saying the standard was “manifestly insufficient,” and asked the Supreme Court to reverse the decision.
Zappos, which is backed by the U.S. Chamber of Commerce, said data breaches are increasingly common in the digital age, and that the court should protect businesses from “sprawling and costly litigation.”