Las Vegas Sun

September 2, 2014

Currently: 96° — Complete forecast | Log in | Create an account

Zappos in damage-control mode after computer security breach

Image

Paul Takahashi

Zappos CEO Tony Hsieh responds to questions from the media on Monday, January 16, 2012, one day after the online retailer’s website was hacked. The cyber-attack did not compromise Zappo’s credit card database, but the hacker may have accessed users’ personal data such as name, address, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers and online passwords.

Zappos Hacking Press Conference

Zappos CEO Tony Hsieh responds to questions from the media on Monday, January 16, 2012, one day after the online retailer's website was hacked. The cyber-attack did not compromise Zappo's credit card database, but the hacker may have accessed users' personal data such as name, address, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers and online passwords. Launch slideshow »

Online retailer Zappos hacked

KSNV coverage of Zappos press conference held to address recent hacking incident, Jan. 16, 2012.

A day after Zappos announced a security breach affecting up to 24 million customers, employees of the Henderson-based company spent Monday working to control the damage.

In an email sent to employees about 4 p.m. Sunday, CEO Tony Hsieh revealed that the online retailer was the victim of a cyber attack after someone gained access to internal systems through a computer server in Kentucky.

The database storing customer credit card numbers was not accessed, but other information, including possibly names, email addresses, phone numbers and billing and shipping addresses, may have been compromised.

Zappos responded by resetting customers’ passwords, and employees spent Monday working to assist customers and assuage any fears about the leak.

In a short press conference outside of Zappos’ headquarters off Green Valley Parkway, Hsieh was somber as he recounted the events of the past 24 hours and laid out the company’s plans for handling the breach.

“It’s definitely been very tough,” he said, as media and about two dozen employees gathered around.

“Obviously it’s not a fun situation for anyone,” he said. “We’re working hard to get through to all our customers and help them through the process.”

Hsieh was unable to give details about how the breach happened or who might be behind the attack, saying that the incident is under investigation by law enforcement.

He said that it’s possible not all 24 million accounts were accessed, and the company chose to “err on the side of caution” when deciding which customers to notify.

“We’ve spent over 12 years building our reputation, brand and trust with our customers. It’s painful to see us take so many steps back due to a single incident,” Hsieh said in the email to employees. “I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”

As a result of the breach, all local Zappos employees were pulled off their normal jobs Monday to assist customers. Phone lines at the customer service center were shut down to prevent them from being overloaded with calls, and the company is responding to customer inquiries through email.

Customers can reset their passwords by going to Zappos.com and clicking on the “Create a New Password” link in the upper right corner of the page. Anyone with questions is encouraged to email Zappos at [email protected].

Hsieh said the company will evaluate Tuesday when to reopen phone lines.

“We really appreciate our employees all coming together and we’ve also heard support from our customers,” Hsieh said. “This is the type of thing no company wants to happen to them, and we’re trying to address it as well as we can.”

Join the Discussion:

Check this out for a full explanation of our conversion to the LiveFyre commenting system and instructions on how to sign up for an account.

Full comments policy

Previous Discussion: 7 comments so far…

Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy. Additionally, we now display comments from trusted commenters by default. Those wishing to become a trusted commenter need to verify their identity or sign in with Facebook Connect to tie their Facebook account to their Las Vegas Sun account. For more on this change, read our story about how it works and why we did it.

Only trusted comments are displayed on this page. Untrusted comments have expired from this story.

  1. These same hackers can break into anyone's computer and sniff it for information to make themselves easy cash. Even if my front door is unlocked, no one has the right to walk in and look around.

    If that happened on the frontier, the corn field would have a higher yield the following summer and the farmer's daughter would be a lot safer in the Fall. I hope the thieves are caught and branded.

  2. This kind of thing happens all the time. I get a credit card replaced almost yearly because some website I bought something from was compromised. Usually companies just notify the financial institutions to cancel the credit cards that were on file, and keep it quiet. Zappos actually coming forward so that users can protect themselves is another example of Zappos doing the right thing by their customers.

  3. Chunky says:

    Why didn't someone in the camera crowd smack the inconsiderate @#$#@^$% who is stuffing the recorder in Mr. Hsieh's face and his arm into every shot?

    Disrespectful to the man and unprofessional to his media colleagues!

    That's what Chunky thinks!

  4. The only reason this happens is because the consumer is too lazy to enter their information each and every time a purchase is made. Period.

    It should be illegal to store any information for future re-use. Yes, it would make online monthly subscriptions impossible, but it would also stop many, MANY scams dead in their tracks.

    The steps needed to stop this won't be taken, though. People are too in love with all the deals they get or with being able to use just one click to pay for a repeat purchase.

  5. By the way, if I were head of IT at Zappos, I'd be looking at current or former (mainly current) employees who might hold a grudge. This type of breach is an inside job more often than not.

  6. Is there a connection ?

    http://www.lasvegassun.com/news/2011/dec...

    Culinary's attacks on Tony Hsieh called 'disgusting'

  7. Hsieh did the right thing by personally taking questions as opposed to pawning it off to some media relations publicist and shrugging it off the way Epsilon did last April.