E-retailer Zappos hit by cyber attack
Credit card information had not been stolen, Zappos announced in a statement, but names, email addresses and other personal information may have been exposed.
Zappos, was founded in 1999 by Nick Swinmurn and started out as an online shoe retailer before branching out into clothing and accessories. It was sold to Amazon for more than $1bn (£650m) in 2009.
In an email to staff sent on Sunday and posted on the company website, Zappos chief executive Tony Hsieh said: "We were recently the victim of a cyber-attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.
"We are co-operating with law enforcement to undergo an exhaustive investigation."
Mr Hsieh added: "We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident."
It is reported that the company wrote to its 24 million customers following the attack, asking them to choose new passwords for Zappos.com and any other site where they may have used the same or similar password.
The email said the attack had potentially exposed the name, email address, billing and shipping address and phone number of customers.
It also warned that "the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)" may have been exposed in the attack.
However, in his message to company staff Mr Hsieh stressed that the credit card and payment database had not been accessed.