Amazon-owned clothing retailer Zappos.com has been hacked, with up to 24 million customers affected.
The company has been forced to reset customer passwords after names, email addresses, billing and shipping addresses as well as the last four digits of credit card numbers were compromised.
Password hashes were also taken in what appears to be the biggest public data breach of 2012 thus far.
We have made the hard decision to temporarily turn off our phones...
The database storing customers' critical credit card data has not been accessed, however.
Non-US customers are currently blocked from accessing Zappos.com's statement on the company blog, but an email explaining the breach is circulating the web.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," said Tony Hsieh, CEO of Zappos.com, in an email to employees.
"We are cooperating with law enforcement to undergo an exhaustive investigation.
"We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume."
The email sent to users outlined what data may have been stolen, alongside details about how to gain a new password.
"We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail," the email read.
Graham Cluley, senior technology consultant at Sophos, said it was an "ugly situation" for Zappos.com.
"One imagines that the decision to block access to the blog entry is to prevent it becoming overloaded with traffic - but, seriously, how hard is it to host an important message like this on another trusted site?" he added, in a blog post.
