More than 24 million customers of online shoe retailer Zappos.com received a notice last night that their personally identifiable information may have been stolen. An e-mail to customers said customers’ names, e-mail addresses, billing and shipping addresses, phone numbers, scrambled passwords and the last four digits of credit card account numbers may have been taken. The database that stores payment and credit card data was not compromised, the e-retailer said.
An e-mail sent to Zappos employees last night by Zappos CEO Tony Hsieh says a criminal gained access to parts of Zappos’ internal network and systems through a server in Kentucky and that Zappos is working with the FBI to investigate. He said the attack happened recently but did not specify precisely when it happened or how Zappos became aware of it. Zappos also posted a link to the employee e-mail on its Facebook wall and linked to it from Twitter. Amazon and Zappos representatives declined to provide further details.
Comments Zappos customers posted on Zappos Facebook wall today were largely supportive of the e-retailer, although some consumers said they had not received the e-mail Zappos sent to customers last night.
The e-mail to customers also informed them that Zappos had reset all customer account passwords and asked customers to create a new password for their accounts. Consumers on Facebook complained Monday that were delays in processing the new password requests, which required consumers to submit their e-mail address on Zappos.com and wait for an e-mail from the e-retailer. It took approximately five hours for Zappos.com and 6pm.com to respond to password requests submitted today by Internet Retailer.
Hsieh’s e-mail to employees alerted them that Zappos had temporarily turned off its phones because it expected that the volume of customer inquiries about the breach would overwhelm it. Hsieh asked that all employees, regardless of department, help answer customer inquiries via e-mail. “We need all hands on deck to help get through this,” he wrote.
“We’ve spent over 12 years building our reputation, brand and trust with our customers,” Hseih wrote. “It’s painful to see us take so many steps back due to a single incident.”
Customers who call Zappos’ toll-free customer service number today hear a recording that directs them to e-mail the company at email@example.com.