January 16, 2012
Security Breach Of Zappos Customer Data Reported
Online clothing retailer Zappos.com announced to its 24 million customers in a mass emailing Sunday that an intruder had gained unauthorized access to the company´s online servers.
The retailer said hackers may have accessed customers´ names, email addresses, billing information, phone numbers, and the last four digits of their credit card numbers in the recent attack. The announcement appeared on Zappos´ website late Sunday night. The company assured its customers that full credit card numbers were not stolen, because they were stored separately.“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation,” said the email, signed by Zappos.com CEO Tony Hsieh. “For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password “¦ We also recommend that you change your password on any other web site where you use the same or a similar password.”
Hsieh said the company´s most important focus right now is the safety and security of its customers´ information. All existing passwords were voided and a link -- http://www.zappos.com/passwordchange -- was set up for customers to go and reset their passwords.
Zappos shut down its phone support lines and said it will solely rely on email to communicate during this phase. The company is portraying this as a time-saving measure, and it is drafting its entire headquarters staff to handle customer services messages. Hsieh said a predicted surge of concerned callers would quickly overwhelm the switchboard.
“In order to service as many customer inquiries as possible, we will be asking all employees at our headquarters, regardless of department, to help with assisting customers. Due to the volume of inquiries we are expecting, we realized that we could serve the most customers by answering their questions by email,” says a statement on the company℠s Web page.
“We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren´t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)” the statement said.
In a memo to staff and customers, Hsieh said: “We´ve spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed.”
Zappos´ data breach is among the biggest thefts of customer information ever, but is still considerably small compared to last year´s Sony PlayStation Network breach that impacted more than 75 million customers.
On the Net:
Email alert sent to Zappos customers...