Online shoe and apparel shop Zappos, now owned by Amazon, reported earlier this week that 24 million users names, e-mail addresses, billing and shipping addresses, phone numbers, and the last four digits of credit card numbers may have been illegally accessed. In response to this breach, Zappos has expired and reset all passwords. They have also temporarily foregone using their 800 number phone service in an effort to redeploy customer-service representatives to respond to customer email.

Zappos CEO Tony Hsieh posted an open letter online to Zappos employees about a “cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.” In this open letter, Hsieh wrote, “The most important focus for us now right now is the safety and security of our customers’ information.

Now, four days and counting after Zappos revealed user details had been breached in a digital intrusion, the company is still blocking access to Zappos.com from outside the U.S. In one tweet from a Zappos customer service representative, Rick Duggan apologized for the inconvenience, said that service had been restored to the United Kingdom and was “rolling out to other locations.”

Zappos says the attacker likely gained access to customer name, email address, billing and shipping addresses, phone numbers, the last four digits of the customer card numbers and the customer’s “cryptographically scrambled password.” But other payment data, such as full credit-card and payment information, is not believed to have been accessed by the attacker.

If you are a Zappos or Amazon customer we recommend that you take these steps right away;

Change your password immediately. If you use this password for other online accounts, change it there as well.

NEVER respond directly to information requests in emails.

Retailers and banks should never ask you to provide sensitive information like your credit card or Social Security number in an email. Even if the email looks official or directs you to a website that appears to be an official company website, do not provide personal information, or login. Instead, contact the company at a well-known, published web address or phone number.

Check your account statements regularly. Most financial institutions allow you to review your account online. Do a quick check of your credit, savings, and checking accounts. If you see suspicious activity, contact your bank or creditor immediately.

Author's Bio: 

Dovell Bonnett has been creating security solutions for computer users for over 20 years. In order to provide these solutions to consumers as directly, and quickly, as possible, he founded Access Smart. With each of his innovations, the end user — the person sitting in front of a computer — is his No. 1 customer.

This passion, as he puts it, to “empower people to manage digital information in the digital age” also led him to write the popular Online Identity Theft Protection for Dummies. Within the pervasive nature of our e-commerce and e-business community, personal information, from credit card numbers to your pet’s name, is more easily accessed, and identity theft and fraud has become an issue that touches every consumer.

Mr. Bonnett’s solutions reduce security risks for individual users, small businesses and large corporations. His professional experience spans 21 years in engineering, product development, sales and marketing, with more than 15 years focused specifically on smartcard technology, systems and applications. Mr. Bonnett has spent most of his smartcard career translating and integrating technology components into end-user solutions designed to solve business security needs and incorporating multi-applications onto a single credential using both contactless and contact smartcards. He has held positions at National Semiconductor, Siemens (Infineon), Certicom, Motorola and HID. He is the author of smartcard articles, regularly presents at conferences, and helps companies successfully implement smartcard projects. Mr. Bonnett has been an active member of the Smart Card Alliance contributing to the development of physical access security white papers. He holds dual bachelor’s degrees in industrial and electrical engineering from San Jose State University.