Zappos, the Online shoe and apparel retailer, has issued a red alert for its 24 million customers, warning them their account information was compromised, following a cyber attack that gained unauthorized access to the company's internal servers, according to an United Press International (UPI) report.
We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky, Tony Hsieh, the Chief Executive Officer (CEO), wrote to employees, in an email on Sunday.
The online retailer has provided security measures to help mitigate the problem. As a precaution, Zappos has also reset passwords for all customers and asked they change passwords at other Web sites, if those are similar to the ones for Zappos.
Hsieh added that most data may have been illegally accessed, including customers' billing/shipping addresses and contact details, as well as the last four digits of their credit cards. However, the company was quick to re-assure customers that the database hosting full payment details was not breached.
Anticipating a huge volume of queries from concerned customers in response to the notification, the company has temporarily shut down its phone services and asked customers to correspond by e-mail.
According to a report on CNET, all employees at Zappos' Henderson, Nev., headquarters will assist customers with questions regarding the breach. Zappos is currently working with law enforcement authorities to conduct investigations into the matter.
We've spent over 12 years building our reputation, brand, and trust with our customers, said Hsieh in an apologetic note. It's painful to see us take so many steps back due to a single incident. I supposed the one saving grace is that the secure database that stores our customers' critical credit card and other payment data was not affected or accessed, the CEO added.