WASHINGTON — US online shoe seller Zappos.com was notifying some 24 million customers Monday that a hacker had gained entry to its computer network, but said credit card data was not affected.
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” chief executive Tony Hsieh said in a message Sunday.
“We are cooperating with law enforcement to undergo an exhaustive investigation.”
Hsieh said the database with credit card or other payment data “was not affected or accessed.”
A message sent to customers said that the hackers may have accessed “one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).”
Zappos, which claims to have more than $1 billion in annual sales of shoes and other merchandise, said it had invalidated the current passwords of customers, requiring them to reset their accounts.
The retailer operates as an independent unit of Amazon.com, which acquired Zappos in 2009 for $1.2 billion.