Zappos data breach settlement is insulting

Photo: Robert Stinnett | Flickr | CC BY 2.0

The seven-year-long class action suit against Zappos, an e-commerce site owned by Amazon, is about to end with a settlement agreement between the company and the victims of the data breach that exposed the data of more than 24 million users. The caveat, however, is that the victims will most likely walk away with practically nothing while their lawyers are set to earn millions from the case.

The preliminary settlement agreement filed last week revealed that victims of the 2012 data breach will receive only a meager 10% discount on their next purchase from the site. Insulting as that sounds, the lawyers representing the victims will be awarded at least $1,620,000 in attorneys’ fees and other legal costs.

Back in 2012, malicious actors breached Zappos servers and stole the personal data (excluding payment card details) of more than 24 million customers. Following the hack, impacted users filed a lawsuit against Zappos, claiming that the company failed to protect their data. The class action filed by the victims demands reparations for their stolen data.

The preliminary settlement is not yet final, but it could end the seven-year lawsuit against the company once a judge decides to accept the terms, a decision scheduled for December 20.

We have all seen victims of massive data breaches while the hackers remained unapprehended. In fact, Zappos’ case isn’t the only one to have irked many people with a settlement that is more insulting than reparative. The Yahoo settlement, for example, capped the claims of impacted users at $358.80 each. Similarly, victims of the Equifax breach will be compensated a maximum of $125 each.

The lack of a legal backbone that defines the value of data is the primary reason why these kinds of settlements thrive within the courts. While the laws in the United States favor victims of data breaches and recognize that their data is valuable and hence needs protection, there is no specific law that defines how much it would cost if someone’s data is compromised, let alone the value of a specific kind of data.

When a company gets breached and victims come to court to demand reparations for the leak of their data despite promises to secure it, the most likely scenario is that they will end up in a sham settlement just to put an end to the issue. The real victims, when this happens, are the same people who were already victimized by the company’s lack of security protocol.

On the other hand, the winners in these settlements are the lawyers, who will most likely walk away with millions in attorneys’ fees and legal costs. This is not to say that lawyers should not be paid for their services, but the most important issue a settlement should resolve is compensation for the victims themselves.

Compensation for the victims will always be unjust unless there is a legal backbone to it: legislation that determines and defines the value of each piece of data stolen from its owner. Without this kind of legal certainty, companies will always find a way to pay as little as possible, and victims will end up accepting deals just to get over everything.
