Zappos CEO Tony Hsieh responds to questions from the media on Monday, January 16, 2012, one day after the online retailer’s website was hacked. The cyber-attack did not compromise Zappo’s credit card database, but the hacker may have accessed users’ personal data such as name, address, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers and online passwords.
Wednesday, Jan. 18, 2012 | 5:46 p.m.
Seventy-two hours after the company announced a security breach affecting millions of customers, phone lines at the online retailer Zappos were still shut down as the company continues to work its way through the crisis.
On Sunday afternoon, CEO Tony Hsieh sent an e-mail to Zappos employees informing them that a hacker had accessed the company's internal systems and that the names, e-mail addresses, billing and shipping addresses and partial credit card information of up to 24 million customers may have been compromised. Hsieh did say that the database containing fuller customer credit card information was not accessed in the breach.
Few other details have been released following the attack, which is under investigation by law enforcement.
Following that announcement, the company went into damage control mode, shifting employees off of their normal jobs to focus solely on assisting customers.
The company, often lauded for its culture of customer service, found itself scrambling to maintain the trust of the millions of people who use the site each day. It shut down its phone lines, routing all customer inquiries through e-mail and preemptively reset users' log-in information, forcing them to choose a new password.
As of Wednesday afternoon, the customer service line was still down as people continued to turn to social media to contact the company and express a mix of confusion, indignation and support.
"Still have yet to receive my email to reset password," one commenter wrote on Facebook Tuesday. "I requested this yesterday morning. Very frustrated!"
Others bemoaned the password reset process as "inconvenient" and the company's apology as "disingenuous."
But some users took the time to thank Zappos and offer condolences about the recent attack.
"I saw this post, went to Zappos and reset my password in under a minute," a Facebook commenter said. "It was as efficient as ordering and receiving when I make purchases! Great job Zappos! Keep up the good work."
Aimee Romero, a crisis communications strategist with MassMedia Corporate Communications, said so far Zappos has handled the breach and ensuing customer outcry well.
In situations like this, notifying customers early and staying transparent while the problem is worked on is crucial, Romero said.
"You need to let customers know that you're aware there's a problem," she said. "So far, Zappos has been forthcoming and they're giving customers an easy place to go to fix the problem."
By failing to be proactive, rumors and misinformation can spread among customers, she said, and the power of the internet and social networks can cause the situation to spiral out of control.
Zappos' strong social networking presence – the company regularly responds directly to posts on Facebook and Twitter – help create a direct link to customers and allows executives to get feedback on how their crisis control efforts are being received, Romero said.
Once Zappos has weathered the initial phase of the crisis, Romero said, it will be important for the company to show it's made a serious effort to prevent any such future breaches.
"I think you're probably going to see them talk about changes that can be made," she said. "It's important they show customers they've learned something and taken something away (from the incident)."
Join the Discussion:
Check this out for a full explanation of our conversion to the LiveFyre commenting system and instructions on how to sign up for an account.
Full comments policy