Zappos says hackers potentially gathered names, e-mail and physical addresses, phone numbers, and last four digits of credit cards. But full credit card numbers not exposed, Zappos says.
Zappos.com, the popular shoe website, was the victim of a cyber attack that exposed customer information on the company's internal network and systems, Chief Executive Tony Hsieh said in an email to employees.
In a separate email to account holders, the company said the potentially exposed information included names, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit card numbers.
Zappos said the database that stores full credit card numbers and other payment data was not affected or accessed.
Hsieh said the Henderson, Nev., company was cooperating with law enforcement in "an exhaustive investigation."
"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh said in the email to customers. "It's painful to see us take so many steps back due to a single incident."
To employees, he said, "Over the next day or so, we will be training everyone on the specifics of how to best help our customers through their password change process now that their passwords have been reset and expired. We need all hands on deck to help get through this."
Zappos said it has more than 24 million customer accounts in its database.
For the time being, the company will not be answering customer inquiries by phone.
"We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email," Hsieh told shoppers, "because our phone systems simply aren't capable of handling so much volume."
Zappos is directing customers to an internal Web page.
Zappos has become known for its customer service, generous returns policy and for its quirky company culture led by Hsieh _ including head-shaving events, impromptu parades around the cubicles and employee birthday pranks.