Zappos.com, the popular online shoe retailer owned by Amazon.com, said its internal network was infiltrated by a cyber attacker.
The company’s chief executive Tony Hsieh sent an e-mail to employees on Sunday indicating the retailer is in the process of notifying more than 24 million customers that some of their personal information may have been accessed by the intruder. The note that is posted to Zappos’ blog says a slew of information may have been exposed, including: customers' names, e-mail addresses, billing and shipping addresses, phone numbers and the last four digits of customers’ credit card numbers.
In the note, Hsieh says the “one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed.” Still, the firm is expecting a massive influx customer calls and e-mails from concerned customers.
Indeed, Hsieh has assigned all employees at the company to field customer contacts and said the company would shut down its phone system in favor of an email-only response out of concern the phones would become overloaded.
“We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident,” Hsieh told his staff in the e-mail. “We need all hands on deck to help get through this.”
The hacker apparently gained access to the company’s system through a server in Kentucky. The company said it is cooperating with law enforcement and plans on undergoing an “exhaustive investigation.” It was not immediately clear if an individual or group was responsible for the hacking or what will happen to the exposed data.
In the meantime, the company is urging customer to change their passwords.