Monday, Jan. 16, 2012 | 4:58 p.m.
A day after Zappos announced a security breach affecting up to 24 million customers, employees of the Henderson-based company spent Monday working to control the damage.
In an email sent to employees about 4 p.m. Sunday, CEO Tony Hsieh revealed that the online retailer was the victim of a cyber attack after someone gained access to internal systems through a computer server in Kentucky.
The database storing customer credit card numbers was not accessed, but other information, including possibly names, email addresses, phone numbers and billing and shipping addresses, may have been compromised.
Zappos responded by resetting customers’ passwords, and employees spent Monday working to assist customers and assuage any fears about the leak.
In a short press conference outside of Zappos’ headquarters off Green Valley Parkway, Hsieh was somber as he recounted the events of the past 24 hours and laid out the company’s plans for handling the breach.
“It’s definitely been very tough,” he said, as media and about two dozen employees gathered around.
“Obviously it’s not a fun situation for anyone,” he said. “We’re working hard to get through to all our customers and help them through the process.”
Hsieh was unable to give details about how the breach happened or who might be behind the attack, saying that the incident is under investigation by law enforcement.
He said that it’s possible not all 24 million accounts were accessed, and the company chose to “err on the side of caution” when deciding which customers to notify.
“We’ve spent over 12 years building our reputation, brand and trust with our customers. It’s painful to see us take so many steps back due to a single incident,” Hsieh said in the email to employees. “I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”
As a result of the breach, all local Zappos employees were pulled off their normal jobs Monday to assist customers. Phone lines at the customer service center were shut down to prevent them from being overloaded with calls, and the company is responding to customer inquiries through email.
Customers can reset their passwords by going to Zappos.com and clicking on the “Create a New Password” link in the upper right corner of the page. Anyone with questions is encouraged to email Zappos at firstname.lastname@example.org.
Hsieh said the company will evaluate Tuesday when to reopen phone lines.
“We really appreciate our employees all coming together and we’ve also heard support from our customers,” Hsieh said. “This is the type of thing no company wants to happen to them, and we’re trying to address it as well as we can.”