The popular online shoe retailer, a division of Amazon, disclosed on Sunday that hackers cracked its customer database to steal records for some 24 million customers.
The data thieves did not get any payment card numbers, because that data were encrypted, as required under the Payment Card Industry Data Security Standard.
But as is a common practice with many online retailers, Zappos did not encrypt its customers' e-mail and shipping addresses, phone numbers, the last four digits of the payment card and the account passwords.