Amazon has confirmed a data breach affecting employee contact information, including email addresses, phone numbers, and building locations. The breach originated from a security incident at one of Amazon’s property management vendors, which was compromised due to a vulnerability in the MOVEit file transfer system identified in May 2023.
The compromised data, dating back to May 2023, was posted on a hacking forum and includes information from Amazon and 25 other entities, such as MetLife, HP, HSBC, and Canada Post. The MOVEit vulnerability has previously affected several high-profile organizations, including the BBC, British Airways, Sony, and the U.S. Department of Energy.
Amazon spokesperson Adam Montgomery stated, “Amazon and AWS systems remain secure, and we have not experienced a security event.” He emphasized that the only information involved was employee work contact details, and that no sensitive data, such as Social Security numbers or financial information, was compromised.
The exact number of affected employees is unclear, but a screenshot from the hacking forum post shows more than 2.8 million lines in the purported Amazon dataset (The Verge).
This incident underscores the risks associated with third-party vulnerabilities and highlights the importance of robust security measures across all levels of an organization’s supply chain.