US online clothing retailer Zappos has warned its 24 million customers that personal data including their phone numbers and home addresses may have been stolen in a recent cyber attack.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," CEO Tony Hseih wrote in an email to employees.
In a separate message to customers, Zappos assured them that the database containing their full credit card numbers had not been accessed. The company has reset the passwords for all its customer accounts, and advises customers that use the same login for multiple sites to change all their passwords.
Zappos, which was acquired by e-commerce giant Amazon.com in 2009 but which operates from a separate data centre, has decided to shut off its phones due to the anticipated volume of support calls, and is asking customers to get in touch via email instead.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers," Hseih wrote in his email to employees. "It’s painful to see us take so many steps back due to a single incident.”