Zappos.com said a hacker breached its customer database. More than 24 million customers of online shoe retailer Zappos.com received a notice last night that their personally identifiable information may have been stolen.
An e-mail sent to customers indicated customers' names, e-mail addresses, billing and shipping addresses, phone numbers, scrambled passwords and the last four digits of credit card account numbers may have been taken. The database that stores payment and credit card data was not compromised.
Also impacted were customers of 6pm.com, a discount shoe e-retailer operated by Zappos.
An e-mail sent to Zappos employees last night by Zappos CEO Tony Hsieh says a criminal gained access to parts of Zappos' internal network and systems through a server in Kentucky. Zappos is working with the FBI as part of the investigation. Hsieh did not indicate when the attack occurred.
The e-mail to customers also informed them that Zappos had reset all customer account passwords and asked customers to create a new password. Hsieh's e-mail to employees alerted them that Zappos had temporarily turned off its phones because it expected that the volume of customer inquiries about the breach would overwhelm it. Customers who called Zappos' toll-free customer service number on Monday heard a recording that directed them to e-mail the company at help@zappos.com.
Hsieh asked that all employees, regardless of department, help answer customer inquiries via e-mail. “We need all hands on deck to help get through this,” he wrote.
He added in the message to employees, “We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed.”