Zappos, the online fashion retailer owned by Amazon has been hit by a cyber attack, putting the personal details of around 24 million customers at risk.
Credit card information had not been stolen, Zappos announced in a statement, but names, email addresses and other personal information may have been exposed.
Zappos, was founded in 1999 by Nick Swinmurn and started out as an online shoe retailer before branching out into clothing and accessories. It was sold to Amazon for more than $1bn (£650m) in 2009.
In an email to staff sent on Sunday and posted on the company website, Zappos chief executive Tony Hsieh said: "We were recently the victim of a cyber-attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.
"We are co-operating with law enforcement to undergo an exhaustive investigation."
Mr Hsieh added: "We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident."
It is reported that the company wrote to its 24 million customers following the attack, asking them to choose new passwords for Zappos.com and any other site where they may have used the same or similar password.
It also warned that "the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)" may have been exposed in the attack.
However, in his message to company staff Mr Hsieh stressed that the credit card and payment database had not been accessed.