Amazon has contacted a portion of its customers to inform them an employee has been discharged from their role after leaking their personal information to an unidentified third-party.
The individual who lost their job for leaking customer email addresses has been referred to the police, according to Motherboard, with criminal investigations now ongoing. The incident highlights the continued threat of insider security risks.
No matter how many cyber security precautions an organisation takes, it’s difficult to guard against either human error or malicious intent, as has been the case with the leakage of Amazon customers’ email addresses.
"We are writing to let you know that your e-mail address was disclosed by an Amazon employee to a third-party in violation of our policies,” the company wrote in a message to customers affected.
“As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement criminal prosecution.”
There are few details as to how many customers were affected, or the identity of the third-party to which the customer email addresses were leaked. The news circulated online over the weekend after a number of Twitter users posted copies of the message they received from Amazon.
“The fact that a number of Tweets that have appeared over the last few days from Amazon customers stating that they have been the victim of a data breach will rightfully be a worry to consumers," said Jo O’Reilly, digital privacy expert at ProPrivacy.
“Finding out that an Amazon employee has been passing customer emails to a third party is particularly concerning, especially as Amazon appears to have been very vague about the details.
RELATED RESOURCE
The State of Email Security 2020
Email security insights at your email perimeter, inside your organisation, and beyond
“The online retail giant has confirmed that they are working directly with the authorities and that the employee in question has been fired however more transparency with the consumer impacted and what this means for their online privacy is now needed. It's entirely possible that they will now find themselves falling victim to phishing attacks, to prevent this Amazon need to be upfront about exactly who these emails have been shared with.”
This incident bears striking similarity to one in January 2020, in which several Amazon employees were fired after sharing customer email addresses and phone numbers with a third-party.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
The complete guide to the NIST cybersecurity frameworkWhitepaper Find out how the NIST Cybersecurity framework is evolving
-
Are you prepared for the next attack? The state of application security in 2024Webinar Aligning to NIS2 cybersecurity risk-management obligations in the EU
-
The economics of penetration testing for web application securitywhitepaper Get the most value from your security solution
-
How to extend zero trust to your cloud workloadsWhitepaper Implement zero trust-based security across your entire ecosystem
-
Four requirements for a zero trust branchWhitepaper Effectively navigate the complex and ever-changing demands of security and network connectivity
