After the Zappos breach, get tough on lax Web security

Ho hum, yet another massive Internet data breach.

In the latest proof that business and government both need to do more about this, Zappos.com disclosed that hackers gained access to data on millions of its customers, including the last four digits of their credit card numbers and scrambled versions of their passwords.

The big Internet shoe and apparel retailer insisted customer credit card data was safe. Yet it is requiring all 24 million of its customers to choose new passwords, and recommending that customers using the same password on other websites change it there as well.

Unfortunately, the Zappos breach is hardly the first of its kind. Last year, for instance, hackers accessed more than 100 million user accounts at Sony's PlayStation Network and Sony Online Entertainment service. These episodes underscore the need for federal legislation to establish high standards for data protection and tough fines for lax businesses. As things stand, companies evidently don't have enough incentive to tackle the difficult problem of data security in earnest. Consumers, after all, don't base purchase decisions on the quality of a company's network security, which the layperson is in no position to judge anyway. So companies naturally put their money elsewhere.

But they're foolish not to work harder at this. It's imperative that firms do more to protect customer data if they are to retain the trust of the consumers they depend upon.