Internet merchant account site Zappos.com has claimed that its customers’ credit card and payment processing information is safe, after a significant online hack.
The online shoe seller, which last year was bought by leading ecommerce giant Amazon.com, has revealed that a hacker may have accessed the personal details of up to 24 million customers.
While it has given assurances that payment information was not stolen in the breach, names, phone numbers, email addresses, shipping and billing locations, as well as the last four digits from credit cards may have all been accessed by the unknown cyber attacker.
This is according to an email from chief executive officer Tony Hsieh, which was sent to all employees on Sunday January 15th.
Mr Hsieh said: “We’ve spent over 12 years building our reputation, brand, and trust with our customers.
“It’s painful to see us take so many steps back due to a single incident,” he commented, before adding: “I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”
Zappos has since contacted all customers by email and urged them to change their existing passwords, while also offering assistance on how to pick a new and highly secure password.
This is in part because the cyber criminal now has access to the cryptographically scrambled passwords, and while these are not the actual account passwords used, this could still leave customer accounts vulnerable.
The online shoe and apparel retailer claims that the hacker somehow gained access to its internal systems and network via its servers in Kentucky; however, the identity of the perpetrator or perpetrators has yet to be ascertained.
Zappos’s online hack has proven the need for large internet merchant account sites to employ comprehensive security systems to protect against such widespread data breaches.
Hacks can be costly to recover from financially, in terms of lost sales, theft and site damage, but equally worrying can be the impact upon brand image and reputation, which can prevent consumers and other businesses from using a site's online payment processing services or engaging in trade.
While larger internet merchant account sites can prove lucrative for cyber hackers, smaller ecommerce sites can be equally tempting.
This is especially due to the current economic climate, which Michael Hamelin, chief security architect with Tufin Technologies, claims can lead some businesses to cut back on IT security.
“In these IT cost-conscious times, most budgets – yes, even in the IT security department – are always under review, and usually in a downwards direction,” Mr Hamelin warned.
He then explained that this trend could leave organisations vulnerable, adding that investment in security is essential, especially as regulatory and compliance requirements continue to grow.
While working within a networking and IT environment now relies upon modern IT security features, the technology expert added that “one unfortunate fact of life is that meeting the needs of a rising tide of security compliance needs can prove to be an expensive option”.