CHICAGO — Online retailer Zappos.com and its discount affiliate, 6pm.com, disclosed Sunday a data breach that compromised customer account information such as billing addresses and the last four digits of credit card numbers.
The security problem did not affect “critical credit card and other payment data,” Zappos Chief Executive Tony Hsieh wrote in an employee email that was posted on the company blog on Sunday.
Hsieh explained that the company was “the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.”
A company spokeswoman said Zappos was unable to comment further on the data breach.
The retailer has more than 24 million customer accounts in its database, according to Hsieh’s memo, and the company is notifying customers of the data breach via email. It has expired shoppers’ passwords so they must create new ones to access their accounts.
In the letters, Zappos and 6pm said “there may have been illegal and unauthorized access to some of your customer account information … including one or more of the following: your name, email address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).”
The company emphasized that the database storing credit card information was not accessed by the cybercriminal, and urged customers to reset passwords on other websites where they use a similar one.
©2012 the Chicago Tribune
Distributed by MCT Information Services