How many people need to be affected before a breach is considered major? Maybe a million? Well, in the January situation involving Zappos, a million could be a rounding error. Information on as many as 24 million people was stolen from the online shoe and clothing retailer. Data is believed to have included names, email addresses, physical addresses, phone numbers, the last four digits of the customer card numbers and encrypted passwords. The company terminated existing passwords and required customers to create new ones. It also redeployed staff from its call center to its email response team in order to have a highly proactive response.