Amazon Confirms Limited Data Breach Involving Employee Contact Details

Amazon recently confirmed that a data breach exposed employee contact information, including work email addresses, phone numbers, and building locations. The breach, first reported by 404 Media, was linked to a security incident involving Amazon’s property management vendor, affecting several of the vendor’s clients, including Amazon. Adam Montgomery, an Amazon spokesperson, clarified that only work-related contact data was compromised.

This announcement comes after a cybercrime investigation by Hudson Rock, which discovered that the stolen data had been posted on a hacking forum. The leak is associated with a significant security flaw in the MOVEit file transfer system that came to light last year. Besides Amazon, data from major companies like MetLife, HP, HSBC, and Canada Post was also impacted. Amazon joins other high-profile organizations affected by this vulnerability, including the BBC, British Airways, Sony, and the U.S. Department of Energy.

Montgomery emphasized that Amazon’s systems remain secure, with no breach of AWS or internal company databases. “The only Amazon information involved was employee work contact information,” he stated, assuring that sensitive employee data, such as Social Security numbers or financial information, was unaffected. The extent of the breach remains unclear, though a forum screenshot suggests the dataset includes over 2.8 million entries. Amazon has reassured employees and the people that no personal identifiers like government IDs or financial details were exposed, focusing on mitigating any risk tied to the leak of work contact information alone.