Update: Zappos Says 24 Million Customers Affected By Data Breach

Author: Dennis Fisher
minute read

UPDATE: Online retailer Zappos said that its network has been compromised and attackers were able to access personal information belonging to more than 24 million of its customers. Zappos said that its database that contains customers’ credit card numbers was not compromised, however.

ZapposUPDATE: Online retailer Zappos said that its network has been compromised and attackers were able to access personal information belonging to more than 24 million of its customers. Zappos said that its database that contains customers’ credit card numbers was not compromised, however.

We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation,” Tony Hsieh, the company CEO, said in an email to employees.

“Because of the nature of the investigation, the information in this email is being sent a bit more formally, and unfortunately we are not able to provide any more details about specifics of the attack beyond what is in this email and the link at the end of this email, but we can say that THE DATABASE THAT STORES OUR CUSTOMERS’ CRITICAL CREDIT CARD AND OTHER PAYMENT DATA WAS NOT AFFECTED OR ACCESSED.”

Zappos is a large retailer, mainly known for its shoe business. But the company also sells a large range of other goods, including clothing and accessories. As a result of the data breach, Zappos already has expired all of the affected customers’ passwords and is requiring them to reset their credentials.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed,” Hsieh said in his email.

A company spokesperson declined to comment on the breach, but directed inquiries to the letter by CEO Hsieh. The company has temporarily disabled its phone lines due to an overwhelming volume of calls and has pulled its “entire staff” to the job of informing its 24 million customers and prompting them to update their password.

Zappos has created a site with information for customers who are affected by the data breach, which can be found here.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.