The United States District Court for the District of Nevada held that a pair of plaintiffs who had alleged actual harm had standing to bring a data breach action against Zappos, the online shoe and clothing retailer and Amazon subsidiary.  But the court also significantly narrowed the action – striking a dozen other plaintiffs who had alleged no actual injury, dismissing a handful of claims, and directing the remaining plaintiffs to narrow their proposed definition of the class.  The case stems from a January 2012 data breach of the customer database, which contained the names, account numbers, passwords, email addresses, billing and shipping addresses, phone numbers, and the last four digits of credit card numbers belonging to approximately 24 million customers.