Online retailer Zappos.com and its discount affiliate, 6pm.com, disclosed Sunday a data breach that compromised customer account information such as billing addresses and the last four digits of credit card numbers.
The security problem did not affect "critical credit card and other payment data," Zappos Chief Executive Tony Hsieh wrote in an employee e-mail that was posted on the company blog on Sunday.
A company spokeswoman said Zappos was unable to comment further on the data breach.
The retailer has more than 24 million customer accounts in its database, according to Hsieh’s memo, and the company is notifying customers of the data breach via e-mail. It has expired shoppers’ passwords so they must create new ones to access their accounts.
In the letters, Zappos and 6pm said "there may have been illegal and unauthorized access to some of your customer account information...including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)."
The company emphasized that the database storing credit card information was not accessed by the cybercriminal, and urged customers to reset passwords on other websites where they use a similar one.