Zappos, a US online shoes and apparel outlet owned by e-tailing giant Amazon, has suffered a massive data breach that may have affected more than 24 million of its customers.
The company apologised for the occurrence and stressed the database that stores customers’ critical credit card and other payment data was not affected or accessed. However, the company sent out an email to its customers notifying them that, for their protection and to prevent unauthorised access, Zappos expired and reset their passwords so customers can create a new password.
“We are writing to let you know that there may have been illegal and unauthorised access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password),” Zappos chief executive Tony Hsieh wrote in an email to customers and employees.
The company also alerted customers of its decision to temporarily turn off its phones and direct customers to contact Zappos via email because its phone systems aren’t capable of handling so much volume.
Because of the nature of the investigation, the information in the email is being sent more formally, and the company apologised for not being able to provide any more details about specifics of the attack beyond what is in the email and the link at the end of the email.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed,” Hsieh concluded. “Over the next day or so, we will be training everyone on the specifics of how to best help our customers through their password change process now that their passwords have been reset and expired. We need all hands on deck to help get through this.”
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
View Comments
Zappos is giving everyone a lesson on managing a data breach that everyone who may ever have to deal with the problem should look to for guidance. There is a lot to be learned. People understand that such things happen and, unless you've been egregiously lax in protecting their account information, will give you the benefit of the doubt. How you respond to the crisis will be what determines whether or not the issue is resolved with minimal damage or it deteriorates into a PR disaster.
As I said, Zappos is giving us a real-time lesson on how to do crisis management properly and we should all be taking notes. For a more detailed analysis: http://blog.unibulmerchantservices.com/zappos-is-giving-us-a-lesson-on-managing-a-data-breach