Zappos, a division of Amazon focused on online shoe sales, announced that its customer database of 24 million customer records was hacked over the weekend. Fortunately, the credit card database was not accessed.

This is a huge problem for Zappos. They will now need to go through a process of getting all 24 million customers to update their password, and notify each user that their username and password have been stolen.

The implications of this hacker stealing this information are far-reaching. Many consumers use a familiar username and password for accessing commonly used websites. If you have ever set up an account on Zappos – you may have a problem if you did not use a unique password. Be sure to pick a new commonly used password and update it everywhere.

Agents, brokers, and MLSs collect a lot of “personally identifiable information” on consumers and store that information on cell phones, laptops, and in databases. If you lose your cell phone or laptop or get hacked yourself, you are legally responsible to follow the Incident Response Procedures for Data Breaches Involving Personally Identifiable Information.

What is Personally Identifiable Information and what to do in the event of a breach.

Personally Identifiable Information includes First or Last Name, Country, State, or City of Residence, Age, Gender, Race, Workplace or School, Grades, salary or job position.

Here is a general outline of what you do if you lose information.

  1. Report the Actual or Suspected Data Breach to the Department of Justice.
  2. The Department of Justice will rate the severity of the incident and its potential harm to consumers.
  3. Companies follow the advice of the Department of Justice, which may involve:
    1. Notification to Customers
    2. Notification of Law Enforcement
    3. Notification of Banks
    4. Set up a help line
    5. Credit Monitoring
    6. Complete a Federal Trade Commission ID Theft Affidavit

For a complete understanding of the nightmare that will result from getting hacked, you can read this 23-page document from the DOJ here (

Steps to avoid these issues:

  1. Secure all devices and software with passwords
  2. Require that passwords be 8 characters or more, case-sensitive, and alphanumeric
  3. Use secure online solutions for customer database management (CRM Solutions Here)
  4. Use online document solutions (Document Management Solutions Here).
  5. Have your corporate attorney ensure that you have placed the correct disclaimers limiting your responsibility on your website and in your representation agreements with consumers.
  6. Include information about securing consumer information in your agent contractor agreements and employee handbook.
  7. Train employees and contractors on keeping data safe.