
January 17, 2012, 2:34 pm / NYTimes

Even Big Companies Cannot Protect Their Data

Photo: Isaac Brekken for The New York Times. Zappos.com’s chief executive, Tony Hsieh, did not say why the company’s data had been vulnerable.

In just three weeks, Barbara Scott hit the trifecta of computer security breaches.

Since the start of the New Year, Ms. Scott, who works as a director at Redemtech, an information technology asset recovery business in San Diego, has been the victim of three separate cyberattacks. Two weeks ago, the online auction site eBay e-mailed her to let her know there had been suspicious activity on her account. And on Monday, she received e-mails from the Amazon subsidiaries Zappos.com and 6PM — two online shoe retailers — alerting her that, once again, her information had been hacked.

“It’s disturbing,” Ms. Scott said in an interview on Monday. “Companies have to do a better job protecting our privacy. You would think companies like eBay and Amazon have the financial backing and wherewithal to take the proper security measures.”

She’s asking the question that perplexes not only the victims of the hacking but security experts and the executives running the companies that are hacked. The breaches at Zappos.com and 6PM appear to have compromised the account information for 24 million customers — the largest breach of any online retailer since a series of cyberattacks hit Sony last year. That attack compromised 100 million customer accounts. The attacks point to an unsettling new world where even the supposed stalwarts of the Internet — Amazon, eBay and even the security giants paid to keep hackers at bay — cannot seem to keep our personal information safe.

Zappos.com’s chief executive, Tony Hsieh, said customer names, encrypted passwords, phone numbers, e-mail and mailing addresses and the last four digits of their credit cards may have been stolen in the attack. The company said it had quickly reset all passwords, and a separate database containing critical credit card information had not been breached.

Mr. Hsieh — who wrote the book “Delivering Happiness” and regularly invites customers to tour Zappos’ facilities — provided no explanation as to why the company’s data was vulnerable. But he said the company had to make the “hard decision” to shut down its phone systems and redirect customers to an e-mail address instead, because its customer service lines “simply aren’t capable” of handling the number of expected customer inquiries.

That response angered Eric Seftel, a Zappos customer, who posted his reply to Zappos’ e-mail alert on The New York Times site.

“That’s it? That’s how you respond to a security exposure that may require me to change my password on a large number of other sites to protect myself? That’s how little you think of your customers, just drop this glib little note and wash your hands of the whole affair? You have a legal and moral obligation to protect my information.”

In an e-mail to The New York Times on Monday, Mr. Hsieh said the company had a security breach response plan in place at the time of the breach but he could not discuss the specifics. “Our plan specifically includes not disclosing details of our security processes or procedures,” Mr. Hsieh said, “just like you would not expect a casino to disclose when the security guards change shifts.”

The breaches at Amazon’s sites come after several other recent cyberattacks that, taken together, threaten to shake consumer confidence on the Web.

Over the Christmas holiday, hackers claiming to be members of the group Anonymous attacked the Web site of Strategic Forecasting, a research firm that specializes in security and intelligence, and dumped personal and payment details for thousands of subscribers, including former Secretary of State Henry Kissinger and former Vice President Dan Quayle.

In a separate attack on India’s military and intelligence servers two weeks ago, a different group of hackers managed to find, and post, a segment of source code belonging to Symantec, the biggest security software company. A Symantec spokesman, Cris Paden, confirmed that the code belonged to two of its older antivirus products, which are used by businesses to secure their information.

“There are a lot of people that are going to seriously reconsider before they purchase anything else on the Internet,” Jerry Irvine, a member of the National Cyber Security Task Force, said in an interview on Monday.

The White House is working on a plan to bolster e-commerce confidence in an era of daily security breaches. The initiative, called the National Strategy for Trusted Identities in Cyberspace, works with crucial vendors — like banks, technology companies and cellphone service providers — to adopt higher standards for the way companies verify user identities and store personal data online.

But the program is less than a year old and, Mr. Irvine says, intended as only one step in a larger process to protect customers’ identities and personal information on the Web. “These breaches are going to be an education for people to take a more layered approach to their security,” he says.

Without a good solution for companies, Mr. Irvine throws the burden back to consumers. He recommends that consumers take a more vigilant approach to protecting their personal data. That, he says, includes not using e-mail addresses as user names, creating unique passwords for different Web sites, and refraining from saving personal and payment details online.

“It’s going to be a pain in the butt, but that is the only way you’re going to be secure,” says Mr. Irvine.

Ms. Scott says she already uses complex alphanumeric passwords and updates them on a regular basis.

“Beyond that, I guess I have to be more conscious about who I choose to do business with online,” she says. “How hard can it be to find a safe place online to buy shoes?”
